herGRwehWEHWR#@HRHWR.pdb
Static task: static1
Behavioral task: behavioral1
Sample: 6876afa341bef064704f03cb436b2788_JaffaCakes118.exe
Resource: win7-20240221-en
General
Target: 6876afa341bef064704f03cb436b2788_JaffaCakes118
Size: 198KB
MD5: 6876afa341bef064704f03cb436b2788
SHA1: 6ad3b90811db4893f82bb1c43ea4f19b08d63177
SHA256: 92337a1dd1c57e1f8c234f28155137afe51e0296e078fd22e2e3875fe2352843
SHA512: 3852c36927729fd1cb8081a91a1b0a25a072594bed99cd968cdf2326eb340552294241c995b38bc5bc44b66277f81240d741e8e3fbbd81f52af2ddee5a879eaf
SSDEEP: 3072:R/Nsd/2MPfMbEXL7wPhkMYBav1FXqUQRB:VC5PUbTpkMY47XqU
Malware Config
Signatures
Unsigned PE (1 IoCs)
Checks for missing Authenticode signature.
Processes:
resource 6876afa341bef064704f03cb436b2788_JaffaCakes118
Files
6876afa341bef064704f03cb436b2788_JaffaCakes118.exe windows:5 windows x86 arch:x86
db07b0811d77210629cb000b2b47b6df
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
PDB Paths
Imports
esent
JetIntersectIndexes
advapi32
GetWindowsAccountDomainSid
IsTokenRestricted
QueryServiceLockStatusW
RegOpenKeyExW
LookupAccountNameW
RegDeleteKeyA
CryptGetDefaultProviderW
DuplicateEncryptionInfoFile
OpenBackupEventLogA
RegCreateKeyExA
kernel32
FindNextFileA
WriteFile
GetEnvironmentVariableW
Process32First
GetModuleHandleW
GetWindowsDirectoryW
ReadDirectoryChangesW
FlushProcessWriteBuffers
VerifyScripts
LocalLock
GetConsoleCP
VirtualUnlock
GlobalReAlloc
GetDynamicTimeZoneInformation
FlsFree
FindCloseChangeNotification
winscard
g_rgSCardRawPci
msi
ord30
msvfw32
DrawDibGetPalette
ole32
RegisterDragDrop
OleSetClipboard
OleDoAutoConvert
CreateAntiMoniker
pdh
PdhCloseQuery
shlwapi
PathRemoveExtensionA
PathAddBackslashW
PathCompactPathW
SHQueryInfoKeyW
StrPBrkW
PathCreateFromUrlA
StrRChrIA
AssocCreate
setupapi
CMP_WaitNoPendingInstallEvents
SetupFindNextMatchLineW
SetupPromptForDiskA
wintrust
WintrustRemoveActionID
CryptCATPersistStore
wininet
HttpOpenRequestA
HttpQueryInfoA
comctl32
ImageList_GetImageCount
ImageList_SetIconSize
msvcrt
iswalpha
towupper
powrprof
IsPwrHibernateAllowed
rasapi32
RasEnumConnectionsW
oleaut32
VarDateFromBool
SafeArrayCreateEx
VarUI2FromStr
imm32
ImmSetCompositionStringW
ImmReleaseContext
rpcrt4
I_RpcMapWin32Status
RpcMgmtStopServerListening
RpcErrorEndEnumeration
NdrInterfacePointerFree
user32
DlgDirListComboBoxW
CharToOemW
CreateWindowStationW
SetMenuItemInfoA
SetUserObjectInformationA
GetCaretPos
MessageBoxA
GetClipboardOwner
LoadKeyboardLayoutA
GetMenuContextHelpId
LockSetForegroundWindow
lz32
LZSeek
winmm
midiOutMessage
gdi32
GetRandomRgn
CopyMetaFileW
GetCharacterPlacementA
PaintRgn
GetColorAdjustment
EndPath
shell32
SHAddToRecentDocs
opengl32
glMap2f
crypt32
CertAddEncodedCertificateToStore
CryptSIPAddProvider
iphlpapi
GetIpForwardTable
Sections
.text Size: 45KB - Virtual size: 44KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
DATA Size: 6KB - Virtual size: 12KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.idata Size: 145KB - Virtual size: 144KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_READ
.rsrc Size: 1024B - Virtual size: 824B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ