6bf45b695c31bf5dbc059dad692e6ad1_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

6bf45b695c31bf5dbc059dad692e6ad1_JaffaCakes118
Size

576KB
MD5

6bf45b695c31bf5dbc059dad692e6ad1
SHA1

d751433c4528b4999a0df31c6d9e4c10602497cd
SHA256

59b2fb7570bee0d8c7602b8c7b489fc6a6b6dff2ab6671d9b1d2ef339b7b020a
SHA512

e22ea4ca40ae4053819a74a5f690a4ac63dc0b5e6707de390b974e16f17d99fe650770153543e1b753865437a1707ec8085f9f00b9d5af150d4fe46b77507da0
SSDEEP

3072:dMEPRirOdRTsSkHGXyMOrYOXuJwn44oQ4SYGSicM:dHQOdRQSkHGBAYwdnYGk

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

Processes:

resource
6bf45b695c31bf5dbc059dad692e6ad1_JaffaCakes118

Files

6bf45b695c31bf5dbc059dad692e6ad1_JaffaCakes118
.exe windows:5 windows x86 arch:x86

706ffed85e83ed5ae45f995e942bd0f8

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

her2$je.Pdb

Imports

urlmon

GetClassFileOrMime

kernel32

VirtualFreeEx
GetLastError
GetCommState
FreeConsole
VirtualFree
GetPrivateProfileStringA
GetSystemWindowsDirectoryW
GetComputerNameExW
FormatMessageA
lstrcmpiW
GetComputerNameW
GetStdHandle
EnumSystemCodePagesW
LocalFlags
GetDynamicTimeZoneInformation
GetSystemTimes
SetConsoleHistoryInfo
EnumSystemCodePagesA
GetProfileIntA
GetLogicalDrives
DeleteAtom
lstrcmpA
GetPrivateProfileStructA
EraseTape
FindFirstChangeNotificationW
FindNextVolumeMountPointW
ExpandEnvironmentStringsA
DefineDosDeviceW
GetVolumeNameForVolumeMountPointW
WriteProfileStringA
DecodePointer
WriteProfileStringW
LoadResource
GetCalendarInfoW
GetProfileStringW
WriteProcessMemory
lstrcpyA
GetProfileSectionW
GetCurrentThread
FlushConsoleInputBuffer
GetCurrentProcess
GetProcessTimes
GetStringTypeW
GetUserDefaultLCID
GetTempPathA
GetStringTypeExA
GetOverlappedResult
EscapeCommFunction
GetFileType
GetVolumeInformationA
GetMailslotInfo
GetDriveTypeW
GetFileAttributesA
FindCloseChangeNotification
GetQueuedCompletionStatus
GetProcessId
DeleteFileW

lz32

LZSeek

comdlg32

GetOpenFileNameA

gdi32

DeleteDC
GetSystemPaletteEntries
GdiSetBatchLimit
FillRgn
DeleteObject
EqualRgn
LineDDA
GetCharWidth32A
GetCharWidthFloatA
GetMetaFileA
GetTextExtentPointW
ExtCreatePen
GetTextExtentPoint32W
GdiFlush
GetWorldTransform
ExtCreateRegion
GdiComment
FillPath
GetMiterLimit
GetFontData
GetRandomRgn
GetDeviceCaps
GetViewportExtEx
GetTextColor

mscms

GetStandardColorSpaceProfileW

oleaut32

GetRecordInfoFromGuids
GetRecordInfoFromTypeInfo

winspool.drv

FindClosePrinterChangeNotification
GetPrinterW

shell32

ExtractIconW
FindExecutableA

clusapi

GetClusterFromResource

msvcrt

strtol
fwprintf
tolower
fwrite
vfprintf
memset
strcmp
strcspn

secur32

DecryptMessage
EnumerateSecurityPackagesW

advapi32

GetFileSecurityA
IsValidSid
FreeEncryptionCertificateHashList
InitiateSystemShutdownA
GetSecurityDescriptorOwner
GetWindowsAccountDomainSid
InitializeSid
InitiateSystemShutdownExW
GetOldestEventLogRecord
LogonUserExW
GetSidSubAuthority
GetEventLogInformation

user32

GetDlgItemTextA
GetUserObjectSecurity
DrawFocusRect
LoadIconA
DeferWindowPos
DefDlgProcA
GetMenuStringW
GetCursorInfo
GetWindowTextW
DrawTextExW
FindWindowExW
GetDialogBaseUnits
DestroyCaret
GetWindowTextA
GetTopWindow
DrawIconEx
GetRawInputDeviceList
GetMessageW
LoadImageW
GetTitleBarInfo
GetMenuBarInfo
GetMessageExtraInfo
GetSysColor
GetClipboardSequenceNumber
DestroyAcceleratorTable
GetProcessDefaultLayout
GetClassInfoExW
GetClassNameW
GetWindowLongW
GetMenuItemID
DrawMenuBar
GetWindowTextLengthW
GetScrollRange
EnumWindows
FindWindowA
LoadImageA
DefWindowProcA

Sections

.text
Size: 508KB - Virtual size: 505KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 52KB - Virtual size: 57KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 8KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 4KB - Virtual size: 816B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

706ffed85e83ed5ae45f995e942bd0f8

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

urlmon

kernel32

lz32

comdlg32

gdi32

mscms

oleaut32

winspool.drv

shell32

clusapi

msvcrt

secur32

advapi32

user32

Sections

.text Size: 508KB - Virtual size: 505KB

.data Size: 52KB - Virtual size: 57KB

.idata Size: 8KB - Virtual size: 4KB

.rsrc Size: 4KB - Virtual size: 816B

.text
Size: 508KB - Virtual size: 505KB

.data
Size: 52KB - Virtual size: 57KB

.idata
Size: 8KB - Virtual size: 4KB

.rsrc
Size: 4KB - Virtual size: 816B