4e1d76f5405c1bcb195495eeb1742602_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

4e1d76f5405c1bcb195495eeb1742602_JaffaCakes118
Size

136KB
MD5

4e1d76f5405c1bcb195495eeb1742602
SHA1

409b4b02641a457dc102086363d59896de2e5e3f
SHA256

bb0ad2c1dc2c13fefeeb3f39499878793a5c074e7bcfea11a4f2c8478bc2af2f
SHA512

1a838dae2ebddf40b9ef34fccbc1200c760ee7e863fd360f74593fb29e935fd3ca8e1a6aecf08ecdd0ccf9477552f513b2389b4abe18fff1c700e700a6bf9c7a
SSDEEP

3072:dth9Vka3/1Ad72h8ubBbQ4lxQu3H0y5HdmaGMyCgl:dz9Vkxd72h8KBvdj5Hhe

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
4e1d76f5405c1bcb195495eeb1742602_JaffaCakes118

Files

4e1d76f5405c1bcb195495eeb1742602_JaffaCakes118
.exe windows:6 windows x86 arch:x86

84ed65523eac03e694485caa83280708

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

rpcrt4

RpcMgmtIsServerListening
RpcIfInqId
RpcBindingInqAuthClientW

advapi32

AddUsersToEncryptedFile
IsValidAcl
ObjectOpenAuditAlarmA
StartServiceW
GetSidSubAuthority
CryptImportKey
CryptSignHashW

comctl32

ImageList_AddMasked

winmm

midiOutMessage

msacm32

acmStreamOpen

shlwapi

UrlIsW

winscard

SCardEstablishContext

winspool.drv

FindClosePrinterChangeNotification

mprapi

MprAdminMIBEntryCreate
MprAdminTransportGetInfo

wininet

InternetCrackUrlA

oleaut32

VarParseNumFromStr
DispCallFunc

gdi32

SetPixel
GetTextColor
CreatePenIndirect
CreateFontW
CreateRectRgnIndirect

kernel32

CloseHandle
GetCurrentProcess
SetConsoleHistoryInfo
GetLocalTime
GetCommandLineW
HeapFree
ScrollConsoleScreenBufferA
GetProcessId
DisconnectNamedPipe
Thread32First
GetPriorityClass
PeekConsoleInputA
DeleteTimerQueueEx
SetVolumeLabelW

user32

IsZoomed
GetCapture
GetForegroundWindow
GetScrollRange
GetWindowTextLengthW
ChangeDisplaySettingsW
MoveWindow
GetScrollPos

netapi32

NetSessionGetInfo
NetGroupSetUsers

Sections

.text
Size: 16KB - Virtual size: 15KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.io
Size: 40KB - Virtual size: 37KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.CRT
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.qdata
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.code
Size: 52KB - Virtual size: 49KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 912B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

84ed65523eac03e694485caa83280708

Headers

DLL Characteristics

File Characteristics

Imports

rpcrt4

advapi32

comctl32

winmm

msacm32

shlwapi

winscard

winspool.drv

mprapi

wininet

oleaut32

gdi32

kernel32

user32

netapi32

Sections

.text Size: 16KB - Virtual size: 15KB

.io Size: 40KB - Virtual size: 37KB

.data Size: 8KB - Virtual size: 14KB

.CRT Size: 4KB - Virtual size: 3KB

.qdata Size: 4KB - Virtual size: 1KB

.code Size: 52KB - Virtual size: 49KB

.rsrc Size: 4KB - Virtual size: 912B

.reloc Size: 4KB - Virtual size: 3KB

.text
Size: 16KB - Virtual size: 15KB

.io
Size: 40KB - Virtual size: 37KB

.data
Size: 8KB - Virtual size: 14KB

.CRT
Size: 4KB - Virtual size: 3KB

.qdata
Size: 4KB - Virtual size: 1KB

.code
Size: 52KB - Virtual size: 49KB

.rsrc
Size: 4KB - Virtual size: 912B

.reloc
Size: 4KB - Virtual size: 3KB