420e53c9e10b10d19edd2cb50bcf3521_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

420e53c9e10b10d19edd2cb50bcf3521_JaffaCakes118
Size

519KB
MD5

420e53c9e10b10d19edd2cb50bcf3521
SHA1

7db6f853b4810aeede874820a1016726dae0ab1a
SHA256

2bb57582c8cbd528dd84cf21917785119b7e05035e2935cc0a0ea8c8dcdaa674
SHA512

901d66f16c4d11975ebd56bff7064d76ae25e2c2d726b78a95001a62cea57e314bc9b7c8ed221c8339c07ce890daa19a333b40c859ac6df16c8fee9064a8124d
SSDEEP

6144:eK1uoUQksOflh+mCfcyefsDebUQK/4GEX8W+Rh10b:eK1uoU9sOth4fchfi+X8lRK

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
420e53c9e10b10d19edd2cb50bcf3521_JaffaCakes118

Files

420e53c9e10b10d19edd2cb50bcf3521_JaffaCakes118
.exe windows:5 windows x86 arch:x86

aa470c2c6354d732c05f5e5f414deeb4

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

ehrjrhw.pdb

Imports

advapi32

LookupPrivilegeDisplayNameA
LookupPrivilegeDisplayNameW
DeleteAce
LookupAccountSidA
GetSecurityDescriptorDacl
GetSidSubAuthorityCount
EqualDomainSid
GetCurrentHwProfileW

ntdll

strtol

user32

DestroyIcon
InsertMenuItemA
GetTabbedTextExtentW
DestroyMenu
GetMenuDefaultItem
GetInputState
GetRawInputDeviceList
PackDDElParam
GetScrollPos
GetSubMenu
IsWindowUnicode
GetClassLongA
DialogBoxParamA
GetClassNameA
EnumThreadWindows
GetClassInfoExW
GetRawInputData
GetKeyboardLayoutNameA
FreeDDElParam
IsMenu
DefMDIChildProcW
GetDesktopWindow
FlashWindowEx

urlmon

FaultInIEFeature

mscms

GetStandardColorSpaceProfileW

msvcrt

malloc
setvbuf

winspool.drv

GetPrintProcessorDirectoryW

oleaut32

LoadRegTypeLi
GetRecordInfoFromTypeInfo

kernel32

GetTapeParameters
GetCommandLineA
SetSystemFileCacheSize
SetFileApisToOEM
AreFileApisANSI
GetModuleHandleA
GetCurrencyFormatA
GetModuleFileNameA
LoadLibraryExA
FoldStringW
GetLogicalDriveStringsA
GetConsoleCursorInfo
FindFirstFileExW
GetCurrentThreadId
DeleteTimerQueue
GetFileSize
GetProcessTimes
GetOverlappedResult
FindResourceExA
GetProcAddress
GlobalLock
GetDiskFreeSpaceA
GetAtomNameW
GetBinaryTypeA
GetThreadTimes
GetWindowsDirectoryA
SetFileApisToANSI
GetVolumeInformationW
LoadLibraryW
EnumTimeFormatsA
GetStartupInfoW
GetTimeFormatA
EnumSystemLocalesA
FindFirstFileExA
GetConsoleScreenBufferInfo
GetConsoleWindow
FlushFileBuffers
GlobalAddAtomA
GetCurrentThread
LoadResource
GetTapePosition
WriteProfileStringW
GetStdHandle
GetThreadContext
LockResource

secur32

FreeContextBuffer
FreeCredentialsHandle

shell32

FindExecutableA

wininet

FindNextUrlCacheEntryExW
FindNextUrlCacheEntryExA
FindFirstUrlCacheEntryExA

gdi32

GetSystemPaletteUse
GetTextExtentPointA
GetCharWidthFloatA
ExtTextOutW
GetDeviceCaps
GetPaletteEntries
GetTextCharset
GetPath

ole32

GetRunningObjectTable

clusapi

GetClusterFromResource

Sections

.text
Size: 151KB - Virtual size: 151KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 361KB - Virtual size: 366KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

aa470c2c6354d732c05f5e5f414deeb4

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

advapi32

ntdll

user32

urlmon

mscms

msvcrt

winspool.drv

oleaut32

kernel32

secur32

shell32

wininet

gdi32

ole32

clusapi

Sections

.text Size: 151KB - Virtual size: 151KB

.data Size: 361KB - Virtual size: 366KB

.idata Size: 3KB - Virtual size: 3KB

.rsrc Size: 2KB - Virtual size: 1KB

.text
Size: 151KB - Virtual size: 151KB

.data
Size: 361KB - Virtual size: 366KB

.idata
Size: 3KB - Virtual size: 3KB

.rsrc
Size: 2KB - Virtual size: 1KB