2ee2c90e767c401c1f14c7341e8ca409_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

2ee2c90e767c401c1f14c7341e8ca409_JaffaCakes118
Size

119KB
MD5

2ee2c90e767c401c1f14c7341e8ca409
SHA1

8ce61f0a4d745c3165500316d3f46361f8b97cd3
SHA256

b1340d61918fbfe760ee2088dec385fd2667c8301ecf647ed5f6a4bc953bf791
SHA512

ea4a81aba9c8d1105623fc29af22026a97e8191cbd761ba36fa276ede1f435dc798a65090af59fb086f89b083f6d63799e9c8af6254bf857fdf2cd05e1737c3a
SSDEEP

3072:FwMEtlpKKxNByLWVsZnBUhbAuFstUVAqSZ:KTf9yLWy9BuF9VAqS

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2ee2c90e767c401c1f14c7341e8ca409_JaffaCakes118

Files

2ee2c90e767c401c1f14c7341e8ca409_JaffaCakes118
.exe windows:5 windows x86 arch:x86

421271b37f0b2c9cb275cdcf6a0710ae

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

1234QwerC3#.pdb

Imports

setupapi

SetupDiRegisterCoDeviceInstallers
SetupGetBackupInformationW
SetupOpenLog
SetupDiCreateDeviceInterfaceRegKeyW

msi

ord30

crypt32

CryptVerifyCertificateSignature
CryptEncodeObject

winspool.drv

DeletePrinterDriverExW
GetPrinterDataW
AddFormW

user32

IsWindowVisible
ChildWindowFromPoint
SetParent
GetClipboardFormatNameW
SetCaretPos
GetMessagePos
RegisterClipboardFormatA
GetCursor

avifil32

AVIStreamRelease

ws2_32

WSACleanup
inet_addr

msvcrt

printf

winscard

SCardListReadersW

rasapi32

RasGetProjectionInfoA

pdh

PdhUpdateLogW

rpcrt4

RpcBindingInqAuthInfoExW
RpcBindingInqAuthClientW
RpcErrorEndEnumeration
RpcBindingFromStringBindingW

kernel32

FlsFree
SwitchToThread
GetProcessHeap
GetACP
GetOEMCP
SetEvent
GetQueuedCompletionStatus
GetAtomNameA
GlobalFindAtomW
SetNamedPipeHandleState
BuildCommDCBA

shlwapi

PathRemoveBackslashA
SHRegSetPathW
PathIsPrefixA

comctl32

GetMUILanguage
CreateToolbarEx

ole32

CoCreateFreeThreadedMarshaler

oleaut32

VarUdateFromDate
VarBstrFromR8
SafeArrayAllocData
VarDateFromI4

shell32

ord526

secur32

QuerySecurityPackageInfoW

winmm

mmioAscend

mscms

OpenColorProfileA

esent

JetSetColumns
JetEscrowUpdate

gdi32

GetGlyphOutlineA
GetCharWidthW
EnumFontFamiliesExA
GetDeviceCaps
GetGlyphIndicesW
FloodFill
PlayEnhMetaFileRecord

ntdll

RtlFirstEntrySList

advapi32

RegOpenKeyA
GetSidSubAuthorityCount
RegEnumKeyExA

Sections

.text
Size: 22KB - Virtual size: 22KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.CRt1
Size: 2KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

HWzrasX
Size: 17KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

sZ3joRtp
Size: 20KB - Virtual size: 19KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

NNgC
Size: 51KB - Virtual size: 51KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 992B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

421271b37f0b2c9cb275cdcf6a0710ae

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

setupapi

msi

crypt32

winspool.drv

user32

avifil32

ws2_32

msvcrt

winscard

rasapi32

pdh

rpcrt4

kernel32

shlwapi

comctl32

ole32

oleaut32

shell32

secur32

winmm

mscms

esent

gdi32

ntdll

advapi32

Sections

.text Size: 22KB - Virtual size: 22KB

.rdata Size: 3KB - Virtual size: 3KB

.CRt1 Size: 2KB - Virtual size: 6KB

HWzrasX Size: 17KB - Virtual size: 17KB

sZ3joRtp Size: 20KB - Virtual size: 19KB

NNgC Size: 51KB - Virtual size: 51KB

.rsrc Size: 1024B - Virtual size: 992B

.text
Size: 22KB - Virtual size: 22KB

.rdata
Size: 3KB - Virtual size: 3KB

.CRt1
Size: 2KB - Virtual size: 6KB

HWzrasX
Size: 17KB - Virtual size: 17KB

sZ3joRtp
Size: 20KB - Virtual size: 19KB

NNgC
Size: 51KB - Virtual size: 51KB

.rsrc
Size: 1024B - Virtual size: 992B