6ee81f19c0b8da85487a32edf30f5bb8_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

6ee81f19c0b8da85487a32edf30f5bb8_JaffaCakes118
Size

290KB
MD5

6ee81f19c0b8da85487a32edf30f5bb8
SHA1

b9d3243e178801d63948ff19cd8613baa1dfeee0
SHA256

55330a70b305c34a9bb3197912c3307f5880cde77cff782d509c05621e52e6ab
SHA512

9d7c313536e8809fca41ee52d708118abbf68a20dd616aaf1797e52015c876579aadc224672b98847859e9ff1ea932c43c1d52b9abe1a839b079e2bec0abe8d4
SSDEEP

3072:WH0jhuyeZ9/ulQy0tPzsJgSebg5FkmIyDZlGDBb2whiWz0YXdjyBBR5s2Kg0Y+PE:WHpL28QJgSebWTIyDZK2wh0YXd6BIu

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

Processes:

resource
6ee81f19c0b8da85487a32edf30f5bb8_JaffaCakes118

Files

6ee81f19c0b8da85487a32edf30f5bb8_JaffaCakes118
.exe windows:5 windows x86 arch:x86

20f23014e13604ba04a51e90a23ad714

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

EWJtCompositionWinwreQQQQQQQQQQQQQQQQQQQQQQ####.pdb

Imports

winspool.drv

EnumPrinterDriversW

msvfw32

ICOpenFunction

secur32

EnumerateSecurityPackagesW

rpcrt4

RpcMgmtWaitServerListen
RpcServerRegisterAuthInfoW

mprapi

MprAdminMIBServerDisconnect
MprConfigTransportSetInfo

winmm

waveOutGetErrorTextW
waveInGetID
mixerGetControlDetailsW

netapi32

NetShareCheck

advapi32

RevertToSelf

user32

LockSetForegroundWindow
GetClassLongA
GetParent
GetCaretBlinkTime
DlgDirListA
CopyRect

msvcrt

ungetc

kernel32

FindCloseChangeNotification
LoadLibraryExW
GetProcessId
SetThreadIdealProcessor
VerifyScripts
UnhandledExceptionFilter
GetModuleHandleA
OutputDebugStringA
UnlockFileEx
SetVolumeLabelA
GetFileType
SetLocalTime
VerifyVersionInfoW
WTSGetActiveConsoleSessionId
FoldStringW
GetSystemWindowsDirectoryA

shlwapi

SHStrDupW
PathFindNextComponentW

comdlg32

GetSaveFileNameW

wininet

InternetReadFile
InternetWriteFile
InternetTimeToSystemTime
InternetGetConnectedState

winscard

SCardTransmit

ole32

GetHGlobalFromStream
OleRegGetUserType

wintrust

CryptCATPutAttrInfo

gdi32

SaveDC
OffsetRgn
SetDIBits
GetBrushOrgEx
GetTextCharacterExtra
SelectPalette
GetROP2
GetDIBColorTable

crypt32

CryptMsgGetAndVerifySigner

setupapi

SetupDiEnumDriverInfoW
SetupDiGetClassImageListExW

opengl32

glEvalCoord1f

oleaut32

VarParseNumFromStr
VariantTimeToSystemTime
VarBoolFromDate

powrprof

EnumPwrSchemes

lz32

LZSeek

Sections

.text
Size: 216KB - Virtual size: 216KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 51KB - Virtual size: 57KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1024B - Virtual size: 904B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 18KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

20f23014e13604ba04a51e90a23ad714

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

winspool.drv

msvfw32

secur32

rpcrt4

mprapi

winmm

netapi32

advapi32

user32

msvcrt

kernel32

shlwapi

comdlg32

wininet

winscard

ole32

wintrust

gdi32

crypt32

setupapi

opengl32

oleaut32

powrprof

lz32

Sections

.text Size: 216KB - Virtual size: 216KB

.data Size: 51KB - Virtual size: 57KB

.idata Size: 3KB - Virtual size: 2KB

.rsrc Size: 1024B - Virtual size: 904B

.reloc Size: 18KB - Virtual size: 17KB

.text
Size: 216KB - Virtual size: 216KB

.data
Size: 51KB - Virtual size: 57KB

.idata
Size: 3KB - Virtual size: 2KB

.rsrc
Size: 1024B - Virtual size: 904B

.reloc
Size: 18KB - Virtual size: 17KB