fe1694f7ab768a645714fbfe868805c1_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

fe1694f7ab768a645714fbfe868805c1_JaffaCakes118
Size

84KB
MD5

fe1694f7ab768a645714fbfe868805c1
SHA1

e849250f100caba4f79ccdcc8286ba3aaf066477
SHA256

6cafe5929e1893e6b535de8ac695949f25a297547ec88849ec96b4c090704ff2
SHA512

d0eddde30f653614488f18576e07048722d5dd82c49f2cc3a58e433f60dfb0077fb230c76019d904fe43df74d87ec8d0c0fb7c5eafaaf460952264b536411a97
SSDEEP

1536:NIoxMhd/fLX2E5Gt3Z2OsD+BULaeee940rqKThL+9NPxHGV17515K7BJF1paNY:NIoGzjX2EstZ2OCuUtn940GUkeV1/U75

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
fe1694f7ab768a645714fbfe868805c1_JaffaCakes118

Files

fe1694f7ab768a645714fbfe868805c1_JaffaCakes118
.exe windows:5 windows x86 arch:x86

1581b391126e2c03094284d8cdcd9111

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetCurrentProcessId
OpenJobObjectW
GetTempFileNameW
SetDefaultCommConfigA
GetSystemTimeAsFileTime
OpenJobObjectA
RequestWakeupLatency
GetStartupInfoA
VirtualAlloc
ExitThread
GetConsoleAliasA
UpdateResourceW
WriteConsoleInputVDMA
HeapCreate
GetLogicalDrives
CreateRemoteThread
GlobalGetAtomNameW
QueryPerformanceCounter
EnumCalendarInfoExA
GetTickCount
LoadLibraryA
FindActCtxSectionStringW
TerminateJobObject
FindFirstVolumeMountPointW
BuildCommDCBW
GetConsoleAliasW
GetCurrentThreadId

mfcsubs

?AllocBeforeWrite@CString@@IAEXH@Z
?FindOneOf@CString@@QBEHPBG@Z
?AllocBuffer@CString@@IAEXH@Z
?InsertAt@CStringArray@@QAEXHPAV1@@Z
?InitHashTable@CMapStringToPtr@@QAEXIH@Z
?AfxLoadString@@YGHIPAGI@Z
??O@YG_NABVCString@@PBG@Z
?Release@CString@@KGXPAUCStringData@@@Z
?GetUpperBound@CStringArray@@QBEHXZ
??8@YG_NPBGABVCString@@@Z
?SetSize@CStringArray@@QAEXHH@Z
??1CStringArray@@UAE@XZ
?Collate@CString@@QBEHPBG@Z
?Append@CStringArray@@QAEHABV1@@Z
??_7CMapStringToPtr@@6B@
??_7CCriticalSection@@6B@
??O@YG_NABVCString@@0@Z
?SpanIncluding@CString@@QBE?AV1@PBG@Z
??N@YG_NPBGABVCString@@@Z

gdi32

PATHOBJ_vGetBounds
EngGradientFill
GetColorAdjustment
GetNearestPaletteIndex
DdEntry50
EngTransparentBlt
DdEntry12
GetTextColor
SetDCPenColor
SetColorAdjustment
GetGlyphIndicesW
SelectBrushLocal
EqualRgn
GdiValidateHandle
EngFindResource
GetCharABCWidthsW
GetSystemPaletteUse
DeviceCapabilitiesExA
GdiPlayPrivatePageEMF
GetLogColorSpaceA
DdEntry13
Pie
EngMultiByteToWideChar
STROBJ_bEnum

user32

DdeFreeDataHandle
GetSystemMenu
EnumChildWindows
DdePostAdvise
VkKeyScanExA
GetCursor
SetClassWord
LockWindowUpdate
SetKeyboardState
DefDlgProcW
MessageBoxIndirectW
GetPropW
GetWindowModuleFileNameW
TranslateAcceleratorW
DdeQueryStringA
GetClassInfoExA

Sections

.text
Size: 33KB - Virtual size: 32KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 10KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 18KB - Virtual size: 60KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 20KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 268B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

1581b391126e2c03094284d8cdcd9111

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

mfcsubs

gdi32

user32

Sections

.text Size: 33KB - Virtual size: 32KB

.rdata Size: 10KB - Virtual size: 10KB

.data Size: 18KB - Virtual size: 60KB

.rsrc Size: 20KB - Virtual size: 20KB

.reloc Size: 512B - Virtual size: 268B

.text
Size: 33KB - Virtual size: 32KB

.rdata
Size: 10KB - Virtual size: 10KB

.data
Size: 18KB - Virtual size: 60KB

.rsrc
Size: 20KB - Virtual size: 20KB

.reloc
Size: 512B - Virtual size: 268B