59467386a0f8c5af5e2a2c5bab3304ff_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

59467386a0f8c5af5e2a2c5bab3304ff_JaffaCakes118
Size

136KB
MD5

59467386a0f8c5af5e2a2c5bab3304ff
SHA1

5b516636d640abcecc5d86181ac0edde51078dd1
SHA256

c906761eada01b61c5c20a38410d34f767369102366a51b3ee083c09ab0ae838
SHA512

1efeb0e873f32e509652615508319ec6995e2ff74482eee3a66d7ea2d87761bbe8729081188d35939319e5549f7fa20fa0c9518d911a1f485d9c229c2aa719f6
SSDEEP

1536:RIjBHP4tqJSkydHmJnEYLi2E9QIoJBfcteUwOZXr5sxpXcsYyUZoXR+v9Mcl9:a830JnDqQdbK5BZryjcsYk01l9

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

Processes:

resource
59467386a0f8c5af5e2a2c5bab3304ff_JaffaCakes118

Files

59467386a0f8c5af5e2a2c5bab3304ff_JaffaCakes118
.exe windows:6 windows x86 arch:x86

95efef04e0f0ec83975f0908fcf31e08

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

msacm32

acmStreamOpen

shlwapi

UrlIsW

winspool.drv

FindClosePrinterChangeNotification

gdi32

GetTextColor
CreateFontW
CreateRectRgnIndirect
CreatePenIndirect
SetPixel

netapi32

NetSessionGetInfo
NetGroupSetUsers

oleaut32

VarParseNumFromStr
DispCallFunc

wininet

InternetCrackUrlA

advapi32

GetSidSubAuthority
IsValidAcl
CryptSignHashW
AddUsersToEncryptedFile
StartServiceW
CryptImportKey
ObjectOpenAuditAlarmA

comctl32

ImageList_AddMasked

kernel32

GetCommandLineW
SetVolumeLabelW
HeapFree
GetLocalTime
CloseHandle
SetConsoleHistoryInfo
GetCurrentProcess
DeleteTimerQueueEx
GetPriorityClass
Thread32First
PeekConsoleInputA
GetProcessId
DisconnectNamedPipe
ScrollConsoleScreenBufferA

winscard

SCardEstablishContext

rpcrt4

RpcIfInqId
RpcMgmtIsServerListening
RpcBindingInqAuthClientW

user32

GetCapture
GetScrollRange
GetForegroundWindow
GetWindowTextLengthW
MoveWindow
ChangeDisplaySettingsW
GetScrollPos
IsZoomed

mprapi

MprAdminTransportGetInfo
MprAdminMIBEntryCreate

winmm

midiOutMessage

Sections

.text
Size: 16KB - Virtual size: 14KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.io
Size: 40KB - Virtual size: 37KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.CRT
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.qdata
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.code
Size: 52KB - Virtual size: 49KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 912B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

95efef04e0f0ec83975f0908fcf31e08

Headers

DLL Characteristics

File Characteristics

Imports

msacm32

shlwapi

winspool.drv

gdi32

netapi32

oleaut32

wininet

advapi32

comctl32

kernel32

winscard

rpcrt4

user32

mprapi

winmm

Sections

.text Size: 16KB - Virtual size: 14KB

.io Size: 40KB - Virtual size: 37KB

.data Size: 8KB - Virtual size: 14KB

.CRT Size: 4KB - Virtual size: 3KB

.qdata Size: 4KB - Virtual size: 1KB

.code Size: 52KB - Virtual size: 49KB

.rsrc Size: 4KB - Virtual size: 912B

.reloc Size: 4KB - Virtual size: 3KB

.text
Size: 16KB - Virtual size: 14KB

.io
Size: 40KB - Virtual size: 37KB

.data
Size: 8KB - Virtual size: 14KB

.CRT
Size: 4KB - Virtual size: 3KB

.qdata
Size: 4KB - Virtual size: 1KB

.code
Size: 52KB - Virtual size: 49KB

.rsrc
Size: 4KB - Virtual size: 912B

.reloc
Size: 4KB - Virtual size: 3KB