602698d9ef075c00937bb515997ffa44_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

602698d9ef075c00937bb515997ffa44_JaffaCakes118
Size

921KB
MD5

602698d9ef075c00937bb515997ffa44
SHA1

703ad51602a95057b25309f815486dfbde0b7ffd
SHA256

6c494628a846576cad4ad475fcefafb2128209764d4d9afb742b44601d8f4510
SHA512

111d1b5bef3905817a9a4c5e5f856ee749e0b1357ef315729e17de3f19b7b6d234dadf316b043f3accbbf81e09e684fc42d517e7b2d4ac0c6373d4c214ad9876
SSDEEP

24576:Qk1Nc+kW6K4zKNOEL4g0IDT+SSX0WiJ1N:R3TkWR4zKNOEMZILWiJ3

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
602698d9ef075c00937bb515997ffa44_JaffaCakes118

Files

602698d9ef075c00937bb515997ffa44_JaffaCakes118
.exe windows:5 windows x86 arch:x86

f69dfd6782480f925cbf83ad5095d112

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

dbg.pdb

Imports

kernel32

GetVersionExA
VirtualQuery
CopyFileA
lstrcmpiA
GetLastError
lstrcmpiA
GetSystemInfo
QueryDosDeviceA
GetDiskFreeSpaceA
GetProcAddress
lstrcpynA
FindResourceA
OpenMutexA
TlsGetValue
GetShortPathNameA
GetModuleHandleA
CreateEventW
lstrcmpA
GetComputerNameW
GetFullPathNameA
SetFileAttributesA
GetProcessHeap
GetStdHandle
GetLogicalDrives
SetStdHandle
FormatMessageA
lstrcmpiA
FileTimeToLocalFileTime
CreateMutexA
DeviceIoControl
GetEnvironmentVariableW

authz

AuthzInitializeContextFromSid
AuthzFreeContext
AuthzFreeAuditEvent
AuthzAddSidsToContext
AuthzFreeResourceManager

user32

GetCaretPos
SetCursorPos
GetWindowTextA
IsZoomed
DrawIcon
LoadCursorA
DialogBoxParamA
SetFocus
GetWindowLongA
IsCharLowerW
LoadImageA
wsprintfA
GetMessageW
DispatchMessageA

crypt32

CertCompareCertificate
CertSaveStore
CertDuplicateStore
CertGetNameStringA
CertOpenStore
CertFindExtension
CertCreateContext
CertFindAttribute
CertFindCRLInStore
CertCreateCRLContext
CertCloseStore
CertDuplicateCRLContext
CertFreeCRLContext

azroles

AzGetProperty
AzGroupCreate
AzGroupDelete

shlwapi

UrlCombineA
UrlIsNoHistoryA
UrlGetPartA
PathCombineA
UrlIsOpaqueA
UrlHashA
PathCommonPrefixA
PathCompactPathA
UrlCreateFromPathA
UrlCompareA

Sections

.text
Size: 25KB - Virtual size: 24KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 888KB - Virtual size: 2.4MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

f69dfd6782480f925cbf83ad5095d112

Headers

File Characteristics

PDB Paths

Imports

kernel32

authz

user32

crypt32

azroles

shlwapi

Sections

.text Size: 25KB - Virtual size: 24KB

.data Size: 4KB - Virtual size: 8KB

.rsrc Size: 888KB - Virtual size: 2.4MB

.reloc Size: 2KB - Virtual size: 2KB

.text
Size: 25KB - Virtual size: 24KB

.data
Size: 4KB - Virtual size: 8KB

.rsrc
Size: 888KB - Virtual size: 2.4MB

.reloc
Size: 2KB - Virtual size: 2KB