her2$je.Pdb
Sample: 5e36afed29152d255917c929aeb24d36_JaffaCakes118.exe
Resource: win7-20231129-en
General
- Target: 5e36afed29152d255917c929aeb24d36_JaffaCakes118
- Size: 580KB
- MD5: 5e36afed29152d255917c929aeb24d36
- SHA1: dc83a363cf48a4e6b00d987355a54229ce560715
- SHA256: 88b0f380ac61c85369957353e51105296186e7248f72c49be0335bf39c6d2221
- SHA512: 73e027c062b9b121d33e61a695ba923e23d29112c3e74c2f5ea6b14327ceff8b54e739e048e93862818d4cc25d40b69cafa87399cad7015c63d91c2fbcc002be
- SSDEEP: 6144:1ThejYDPouvuEycclXodrjgW4+r8faXu6u:1lejYDP3vuEMlXodfgW/r85
Malware Config
Signatures
- Unsigned PE (1 IoC): checks for a missing Authenticode signature. Resource: 5e36afed29152d255917c929aeb24d36_JaffaCakes118
Files
-
5e36afed29152d255917c929aeb24d36_JaffaCakes118.exe windows:5 windows x86 arch:x86
fb097273b714d9426c4879c47e6ac311
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
PDB Paths
Imports
lz32
LZSeek
oleaut32
GetRecordInfoFromTypeInfo
GetRecordInfoFromGuids
msvcrt
strcmp
vfprintf
fwrite
strtol
tolower
strcspn
memset
fwprintf
comdlg32
GetOpenFileNameA
shell32
FindExecutableA
ExtractIconW
kernel32
DeleteFileW
EraseTape
GetTempPathA
GetProfileSectionW
GetSystemWindowsDirectoryW
GetPrivateProfileStringA
GetProcessId
FindNextVolumeMountPointW
GetProcessTimes
GetFileAttributesA
GetDriveTypeW
EnumSystemCodePagesW
GetMailslotInfo
GetComputerNameExW
GetCurrentProcess
GetComputerNameW
GetVolumeNameForVolumeMountPointW
FindCloseChangeNotification
VirtualFree
GetCurrentThread
GetStringTypeW
GetLogicalDrives
GetProfileIntA
GetProfileStringW
GetStringTypeExA
lstrcmpA
GetOverlappedResult
WriteProfileStringA
DeleteAtom
EnumSystemCodePagesA
GetPrivateProfileStructA
GetSystemTimes
SetConsoleHistoryInfo
GetDynamicTimeZoneInformation
DefineDosDeviceW
lstrcpyA
FlushConsoleInputBuffer
GetVolumeInformationA
LoadResource
DecodePointer
GetUserDefaultLCID
GetQueuedCompletionStatus
FormatMessageA
WriteProfileStringW
FindFirstChangeNotificationW
lstrcmpiW
GetFileType
GetCommState
EscapeCommFunction
FreeConsole
LocalFlags
WriteProcessMemory
GetLastError
GetCalendarInfoW
VirtualFreeEx
GetStdHandle
ExpandEnvironmentStringsA
winspool.drv
FindClosePrinterChangeNotification
GetPrinterW
advapi32
GetEventLogInformation
GetSidSubAuthority
InitiateSystemShutdownExW
GetOldestEventLogRecord
InitializeSid
GetSecurityDescriptorOwner
IsValidSid
InitiateSystemShutdownA
GetFileSecurityA
LogonUserExW
GetWindowsAccountDomainSid
FreeEncryptionCertificateHashList
clusapi
GetClusterFromResource
user32
GetWindowLongW
GetMenuItemID
DrawTextExW
DrawMenuBar
GetMenuStringW
DrawIconEx
GetProcessDefaultLayout
DrawFocusRect
DeferWindowPos
GetWindowTextW
DestroyCaret
EnumWindows
DefWindowProcA
GetMessageExtraInfo
GetRawInputDeviceList
GetScrollRange
GetDialogBaseUnits
GetMessageW
FindWindowExW
GetSysColor
GetDlgItemTextA
GetWindowTextLengthW
LoadIconA
GetTitleBarInfo
GetClipboardSequenceNumber
GetCursorInfo
DefDlgProcA
GetClassInfoExW
DestroyAcceleratorTable
GetClassNameW
GetUserObjectSecurity
GetMenuBarInfo
LoadImageA
GetTopWindow
FindWindowA
LoadImageW
GetWindowTextA
mscms
GetStandardColorSpaceProfileW
urlmon
GetClassFileOrMime
secur32
DecryptMessage
EnumerateSecurityPackagesW
gdi32
GetTextExtentPoint32W
ExtCreateRegion
GetViewportExtEx
GetMetaFileA
GetRandomRgn
GdiComment
ExtCreatePen
GetTextColor
GetFontData
GetWorldTransform
GetCharWidth32A
DeleteDC
EqualRgn
FillRgn
GetMiterLimit
DeleteObject
FillPath
GetDeviceCaps
GetTextExtentPointW
GetCharWidthFloatA
GdiFlush
GetSystemPaletteEntries
GdiSetBatchLimit
LineDDA
Sections
.text Size: 508KB - Virtual size: 505KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.data Size: 56KB - Virtual size: 58KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.idata Size: 8KB - Virtual size: 4KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.rsrc Size: 4KB - Virtual size: 816B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ