211a9e44b9bba9ee44f270dd4ed09d8a_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

211a9e44b9bba9ee44f270dd4ed09d8a_JaffaCakes118
Size

516KB
MD5

211a9e44b9bba9ee44f270dd4ed09d8a
SHA1

bf6674b5665f6e83a807f96abc35fb38a985b5f7
SHA256

8184aaf870757bb977f1b72d703d3df2e75570519be6659d7cee66e20df5be39
SHA512

4b0c648b9c4e03292f91506cd392dcf2bc92ce3c13f5cbb823c45c29b3ed6c8a04d6e1c834f4a41af357b05cb345ed3def71091b4f91b47e47d701fcdfdd34c8
SSDEEP

3072:mpzBNyConnk5aQCjCTpqepZbPs8BQbtT4rzSBR2:mpzBoCIpW8eLPFQbtT42

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
211a9e44b9bba9ee44f270dd4ed09d8a_JaffaCakes118

Files

211a9e44b9bba9ee44f270dd4ed09d8a_JaffaCakes118
.exe windows:5 windows x86 arch:x86

37fc94224b6d45d95e7f759d073b1728

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

eaFB47#j1t3cpJIbMqD34.pdb

Imports

cfgmgr32

CM_Disable_DevNode

ws2_32

gethostbyaddr

oleaut32

VarBoolFromR4
SysReAllocStringLen
VariantTimeToDosDateTime

imm32

ImmSetCompositionWindow

msvfw32

ICCompressorChoose

kernel32

GetModuleHandleA
GetNamedPipeClientComputerNameA
lstrcpynA
BeginUpdateResourceA
SetDefaultCommConfigA
DeviceIoControl

ole32

StgCreateDocfile
OleInitialize
CoTaskMemFree
CoInvalidateRemoteMachineBindings
CLIPFORMAT_UserSize

msvcrt

wcsspn

winmm

waveOutGetID

rpcrt4

RpcMgmtSetCancelTimeout
NDRCContextBinding

user32

AnimateWindow
SetRect
EnumWindowStationsA
GetCursor
GetParent
GetSystemMetrics

ntdll

RtlInterlockedPopEntrySList

mprapi

MprConfigTransportGetHandle

winscard

SCardLocateCardsW

crypt32

CertRegisterSystemStore

gdi32

CreateICA
GetTextFaceW
GetWinMetaFileBits

advapi32

LookupPrivilegeDisplayNameA
RegLoadKeyA
GetSidSubAuthority
AdjustTokenPrivileges

shlwapi

UrlCanonicalizeA

urlmon

URLDownloadToFileW

msi

ord29

Sections

.text
Size: 48KB - Virtual size: 47KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 8KB - Virtual size: 5KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_READ

.rsrc
Size: 448KB - Virtual size: 454KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

DATA
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

37fc94224b6d45d95e7f759d073b1728

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

cfgmgr32

ws2_32

oleaut32

imm32

msvfw32

kernel32

ole32

msvcrt

winmm

rpcrt4

user32

ntdll

mprapi

winscard

crypt32

gdi32

advapi32

shlwapi

urlmon

msi

Sections

.text Size: 48KB - Virtual size: 47KB

.rdata Size: 8KB - Virtual size: 5KB

.rsrc Size: 448KB - Virtual size: 454KB

DATA Size: 4KB - Virtual size: 2KB

.reloc Size: 4KB - Virtual size: 1KB

.text
Size: 48KB - Virtual size: 47KB

.rdata
Size: 8KB - Virtual size: 5KB

.rsrc
Size: 448KB - Virtual size: 454KB

DATA
Size: 4KB - Virtual size: 2KB

.reloc
Size: 4KB - Virtual size: 1KB