Static task: static1
Behavioral task: behavioral1
  Sample: 6c27ee56acb54bd47148b73f92dedcab_JaffaCakes118.exe
  Resource: win7-20231129-en
Behavioral task: behavioral2
  Sample: 6c27ee56acb54bd47148b73f92dedcab_JaffaCakes118.exe
  Resource: win10v2004-20240508-en
General
Target: 6c27ee56acb54bd47148b73f92dedcab_JaffaCakes118
Size: 603KB
MD5: 6c27ee56acb54bd47148b73f92dedcab
SHA1: ec7b5ed7ff45aa3ec9531b1a1e6897ea3d9e884c
SHA256: c9eb5c3abc94c837678bc893f656da72f6e4f378189ce8acafe6a59c28b8371c
SHA512: 1359f81c52c98aab434911867b72befba2b67bf065a5b307862d080be259c892099da0b8798db3d95c1e61c8987a1a9c5cd1ddee239c2cb8c61500af39312a39
SSDEEP: 12288:MNr6KnO+uh0Ohca7OhOnwlIImoW4wOzXdsD:Kjuh0OhcIWeWtRwAs
Malware Config
Signatures
Unsigned PE (1 IoCs): Checks for missing Authenticode signature.
  resource: 6c27ee56acb54bd47148b73f92dedcab_JaffaCakes118
Files
6c27ee56acb54bd47148b73f92dedcab_JaffaCakes118.exe windows:5 windows x86 arch:x86
47c16a3e32fffa39f9256841add12e27
Headers
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
Imports
atl
AtlAdvise
msls31
LsCompressSubline
LsCreateContext
LsCreateLine
LsCreateSubline
LsDestroyContext
LsDestroyLine
LsDestroySubline
LsDisplayLine
LsDisplaySubline
LsEnumLine
LsEnumSubline
LsExpandSubline
LsFindNextBreakSubline
LsFindPrevBreakSubline
LsFinishCurrentSubline
LsForceBreakSubline
LsGetHihLsimethods
LsGetLineDur
LsGetMinDurBreaks
LsGetReverseLsimethods
LsGetRubyLsimethods
LsGetWarichuLsimethods
LsLwMultDivR
LsMatchPresSubline
LsModifyLineHeight
LsPointUV2FromPointUV1
LsPointXYFromPointUV
LsQueryCpPpointSubline
LsQueryFLineEmpty
LsQueryLineCpPpoint
LsQueryLineDup
kernel32
AllocConsole
CreateFileA
GetWindowsDirectoryA
AllocConsole
AttachConsole
AllocConsole
GetCurrencyFormatA
QueryDosDeviceA
GetTempPathW
_lwrite
_lread
authz
AuthziFreeAuditParams
AuthziSourceAudit
AuthziInitializeAuditEvent
AuthziInitializeAuditEventType
AuthziInitializeAuditParams
AuthziInitializeAuditParamsFromArray
AuthziInitializeAuditParamsWithRM
AuthziInitializeAuditQueue
AuthziLogAuditEvent
AuthziModifyAuditEvent
AuthziModifyAuditEventType
AuthziModifyAuditQueue
AuthzFreeContext
AuthzFreeHandle
AuthziSourceAudit
advpack
AddDelBackupEntry (listed 23 times)
Sections
.text Size: 28KB - Virtual size: 35KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.data Size: 13KB - Virtual size: 270KB
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 549KB - Virtual size: 552KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE