f3f906d355fd80335a51487ae9ad7a09_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

f3f906d355fd80335a51487ae9ad7a09_JaffaCakes118
Size

572KB
MD5

f3f906d355fd80335a51487ae9ad7a09
SHA1

0e6f01b56caf4ce4ab552c080e279f3126f27e10
SHA256

e351cf3b212f9eb8bdbf1c31d8ea7e3f888c32571009635134e518398d0f6c03
SHA512

5738cfa8cd098eccebe0bbae028ba9b4c43a44c7ea2ce0781e5105dba8681950808b41022dd2b6931af7ebe96868928e5966e6864369976cac354f3a3d01be48
SSDEEP

12288:uAYTLLZvdKEGxzvIwOJkRHWqADg2cc+A5YGloTZDjFwAVXY2VIgt:LYTx0ZxTIvCNOgY+qoxj

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
f3f906d355fd80335a51487ae9ad7a09_JaffaCakes118

Files

f3f906d355fd80335a51487ae9ad7a09_JaffaCakes118
.exe windows:5 windows x86 arch:x86

56ccd1abfeddd3fa60f44c9363f3916a

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

BuildCommDCBW
DeviceIoControl
DnsHostnameToComputerNameA
EnumDateFormatsW
EnumResourceLanguagesW
ExitProcess
FlushInstructionCache
FreeConsole
GetACP
GetCommandLineA
GetCurrencyFormatA
GetCurrentThread
GetMailslotInfo
GetProcessAffinityMask
HeapAlloc
IsValidLanguageGroup
OpenMutexA
RtlZeroMemory
SetCalendarInfoW
SetLastError
SetThreadLocale
SetUnhandledExceptionFilter
SetVolumeLabelA
VerLanguageNameA
VirtualAlloc
VirtualFree
WriteProfileSectionA
_lwrite

version

VerFindFileA
GetFileVersionInfoSizeW
GetFileVersionInfoSizeA
GetFileVersionInfoA

ntdll

RtlExpandEnvironmentStrings_U
NtFsControlFile
RtlNtStatusToDosError
RtlSetThreadPoolStartFunc
ZwCreateProcess
ZwDeleteFile
ZwDuplicateObject
RtlLookupElementGenericTable

userenv

RegisterGPNotification
EnterCriticalPolicySection
ExpandEnvironmentStringsForUserW
FreeGPOListW
GetAppliedGPOListW
CreateEnvironmentBlock
UnregisterGPNotification
DestroyEnvironmentBlock
LeaveCriticalPolicySection
GetProfilesDirectoryW

crtdll

freopen
_mbctoupper
_initterm
_finite
_exit

rpcrt4

IUnknown_Release_Proxy
float_from_ndr
double_from_ndr
RpcSsSetThreadHandle
RpcSmSetClientAllocFree
RpcServerUseAllProtseqsIfEx
RpcServerUseAllProtseqsIf
RpcServerUseAllProtseqsEx
RpcServerInqIf
RpcServerInqDefaultPrincNameA
RpcObjectSetInqFn
RpcMgmtInqIfIds
RpcCancelThread
RpcBindingToStringBindingA
RpcBindingInqAuthClientA
RpcAsyncInitializeHandle
CStdStubBuffer_IsIIDSupported
MIDL_wchar_strcpy

Exports

Exports

IwctmomOwcbrCrnu
aaZUaxGtvsvivk
auVnudZpLdrvIkQrg
bEgwds
bspqbeoKkekjt
cMshpu
gnaupmmLu
gvcgnlQyqhu
kOrQzoyqz
kxVfxEcyflcqjjgc
lFuuxdfLkyocnN
rXXyulZ
shtFdvnrY
tGsdjkweuwlekjosohc
uAriolz
uwfmpgcllguprP
vhKtzsxgju
wcsMfboj

Sections

.text
Size: 33KB - Virtual size: 33KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 486KB - Virtual size: 1.1MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 51KB - Virtual size: 51KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

56ccd1abfeddd3fa60f44c9363f3916a

Headers

File Characteristics

Imports

kernel32

version

ntdll

userenv

crtdll

rpcrt4

Exports

Exports

Sections

.text Size: 33KB - Virtual size: 33KB

.data Size: 486KB - Virtual size: 1.1MB

.rsrc Size: 51KB - Virtual size: 51KB

.text
Size: 33KB - Virtual size: 33KB

.data
Size: 486KB - Virtual size: 1.1MB

.rsrc
Size: 51KB - Virtual size: 51KB