4f2d8bb1f96447d2caaf1e71d06cc1b9_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

4f2d8bb1f96447d2caaf1e71d06cc1b9_JaffaCakes118
Size

354KB
MD5

4f2d8bb1f96447d2caaf1e71d06cc1b9
SHA1

09540f4c5cf1846827241542bdee459ad9a42da8
SHA256

204e6d0a34efc884ebe85de278f9806ab9bcf2b587491dea24ef3979b5aed6a1
SHA512

74c19a7ddee24d9a11466edcbb0b8cbffd2b08c9025b94a488cc3ffeabb7d2c074edfd88191540d31ab7db2fe69c484bbbc50b233a6ae098df82f41bd2592f5e
SSDEEP

6144:jEp7pQMOtvhiNyVyZHbzU5/JMi+xLus/AWQB9X:apWhcyIZHnU5RPu4B9X

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

Processes:

resource
4f2d8bb1f96447d2caaf1e71d06cc1b9_JaffaCakes118

Files

4f2d8bb1f96447d2caaf1e71d06cc1b9_JaffaCakes118
.exe windows:6 windows x86 arch:x86

67b6c86a7ffc517e34d07d703895aacd

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

c:\differ\iron\track\SeeHas.pdb

Imports

kernel32

GetEnvironmentStringsW
FreeEnvironmentStringsW
IsValidCodePage
GetACP
GetOEMCP
HeapReAlloc
SetFilePointerEx
LoadLibraryExW
WriteConsoleW
ReadConsoleW
SetEndOfFile
OutputDebugStringW
RemoveDirectoryA
GetEnvironmentVariableA
LoadLibraryA
TlsSetValue
TlsAlloc
FindClose
Sleep
WaitForSingleObject
SetEvent
VirtualProtectEx
GetSystemTimeAsFileTime
GetCurrentProcessId
QueryPerformanceCounter
GetModuleFileNameW
GetModuleFileNameA
CreateFileW
WideCharToMultiByte
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
EncodePointer
DecodePointer
MultiByteToWideChar
GetStringTypeW
GetLastError
HeapFree
CloseHandle
DuplicateHandle
GetCurrentProcess
RaiseException
RtlUnwind
GetCommandLineA
GetCPInfo
HeapAlloc
UnhandledExceptionFilter
SetUnhandledExceptionFilter
SetLastError
InitializeCriticalSectionAndSpinCount
TerminateProcess
TlsGetValue
TlsFree
GetStartupInfoW
GetModuleHandleW
GetProcAddress
IsProcessorFeaturePresent
LCMapStringW
GetLocaleInfoW
IsValidLocale
GetUserDefaultLCID
EnumSystemLocalesW
ExitProcess
GetModuleHandleExW
AreFileApisANSI
HeapSize
GetProcessHeap
IsDebuggerPresent
GetStdHandle
GetFileType
FlushFileBuffers
WriteFile
GetConsoleCP
GetConsoleMode
ReadFile
GetCurrentThreadId
SetStdHandle

user32

GetWindowTextLengthA
SystemParametersInfoA
IsDialogMessageA
SetWindowsHookExA
FrameRect
DrawFrameControl
ClientToScreen
FillRect
SetForegroundWindow
TrackPopupMenu
AppendMenuA
GetActiveWindow
RegisterClassExA
PostMessageA

gdi32

SelectObject
PatBlt
GetTextExtentPoint32A
SetPixel
StretchBlt

comctl32

ord6
CreateToolbarEx
ord17
PropertySheetA
DestroyPropertySheetPage
ImageList_SetOverlayImage

advapi32

StartServiceCtrlDispatcherA
SetServiceStatus
RegisterServiceCtrlHandlerA
QueryServiceStatus
OpenServiceA
OpenSCManagerA
RegSetValueExA
RegQueryValueExA
RegOpenKeyExA
RegOpenKeyA
RegEnumKeyA
RegCreateKeyExA
RegCloseKey
LookupPrivilegeValueA
SetSecurityDescriptorGroup
SetSecurityDescriptorOwner
SetSecurityDescriptorDacl
InitializeSecurityDescriptor
FreeSid
AllocateAndInitializeSid
OpenThreadToken
OpenProcessToken

dbghelp

MiniDumpWriteDump

rasapi32

RasHangUpA
RasGetConnectStatusA
RasEnumConnectionsA

Sections

.text
Size: 182KB - Virtual size: 182KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 98KB - Virtual size: 97KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 7KB - Virtual size: 42KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 57KB - Virtual size: 56KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

67b6c86a7ffc517e34d07d703895aacd

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

user32

gdi32

comctl32

advapi32

dbghelp

rasapi32

Sections

.text Size: 182KB - Virtual size: 182KB

.rdata Size: 98KB - Virtual size: 97KB

.data Size: 7KB - Virtual size: 42KB

.rsrc Size: 57KB - Virtual size: 56KB

.reloc Size: 8KB - Virtual size: 8KB

.text
Size: 182KB - Virtual size: 182KB

.rdata
Size: 98KB - Virtual size: 97KB

.data
Size: 7KB - Virtual size: 42KB

.rsrc
Size: 57KB - Virtual size: 56KB

.reloc
Size: 8KB - Virtual size: 8KB