05a30994821845197be5d1ebb616dbbb_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

05a30994821845197be5d1ebb616dbbb_JaffaCakes118
Size

328KB
MD5

05a30994821845197be5d1ebb616dbbb
SHA1

0bf4c283b2ecac2d8d94074248403d89754c688f
SHA256

73a2ed1606f22e828554948d7f79dd99f2858bc3465e5065abcbf90d98583b3c
SHA512

6bcffb9ec948aee21851e299a8a96a6c795c5546fad7d2f737ceb5f6d782975551b0f77e8e6c91450d5ee881f8e8d35eceb1944101eb94656b42a1e72c1e6073
SSDEEP

6144:a9zyYnK/Poydbl3rFLRN8kAZyubtSiTsflsyAC9RM4ATGtMHoLm:8sgKdrBRMdSOCPbxL

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

Processes:

resource
05a30994821845197be5d1ebb616dbbb_JaffaCakes118

Files

05a30994821845197be5d1ebb616dbbb_JaffaCakes118
.exe windows:4 windows x86 arch:x86

cac51531ada380cdf564fcd4fd283b77

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED

Imports

user32

GetClassNameA
GetShellWindow

ntdsapi

DsFreeDomainControllerInfoA
DsReplicaSyncA
DsAddSidHistoryA

imm32

ImmReleaseContext
ImmIsUIMessageW

kernel32

SetCalendarInfoA
EnumResourceNamesW
VirtualQuery
lstrcatA
VirtualProtect
GetModuleHandleA
ReadConsoleOutputA
OpenWaitableTimerA
CreateProcessW
EnumCalendarInfoExW
FindResourceA
LocalFlags
IsBadCodePtr
GetBinaryTypeW
lstrcpyW
GetQueuedCompletionStatus
IsBadReadPtr
CreateEventW
CreateWaitableTimerA
SetHandleCount
AddVectoredExceptionHandler
ExitProcess
FormatMessageA
FreeConsole

urlmon

URLOpenBlockingStreamA
RegisterFormatEnumerator

ole32

OleConvertIStorageToOLESTREAMEx
CLSIDFromString
ReleaseStgMedium
StgConvertPropertyToVariant

comdlg32

PrintDlgW
GetOpenFileNameA
GetFileTitleA

msvcrt

isupper
fputwc
wcstombs
memcpy

shell32

SHInvokePrinterCommandW
SHEmptyRecycleBinW
ShellAboutA
SHInvokePrinterCommandA

pdh

PdhGetCounterInfoA

setupapi

SetupCommitFileQueueW

Sections

.text
Size: 160KB - Virtual size: 159KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 152KB - Virtual size: 148KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 276KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

cac51531ada380cdf564fcd4fd283b77

Headers

File Characteristics

Imports

user32

ntdsapi

imm32

kernel32

urlmon

ole32

comdlg32

msvcrt

shell32

pdh

setupapi

Sections

.text Size: 160KB - Virtual size: 159KB

.rdata Size: 152KB - Virtual size: 148KB

.data Size: 8KB - Virtual size: 276KB

.rsrc Size: 4KB - Virtual size: 1KB

.text
Size: 160KB - Virtual size: 159KB

.rdata
Size: 152KB - Virtual size: 148KB

.data
Size: 8KB - Virtual size: 276KB

.rsrc
Size: 4KB - Virtual size: 1KB