803f0eeb1a49792e59dbdaf1fde10482_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

803f0eeb1a49792e59dbdaf1fde10482_JaffaCakes118
Size

132KB
MD5

803f0eeb1a49792e59dbdaf1fde10482
SHA1

f30501e0da856887a8f0e936c4d677d4519b4af1
SHA256

374b9181498e0bb1c83f04d8e2f7b0ae2e36557a20ddd8aaf90526f339ec037d
SHA512

53b58369e61d6d0cfe910c70b09a5a238bf3ba6cc727df068b419d712847cfdc06f9f7494ae6774a089872fe115d0da6db5a0d25e7b5a8e1aa0637dab91e2d17
SSDEEP

1536:1z4Gz1l3eXZdZPTTuy69W5JKXhrGgtg5egL/J1FpFHWQ27Vb5GLrnMlVvnYfxbaU:1zh9czZPXaJrGfem/3lWlh9uMsOODj

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
803f0eeb1a49792e59dbdaf1fde10482_JaffaCakes118

Files

803f0eeb1a49792e59dbdaf1fde10482_JaffaCakes118
.exe windows:6 windows x86 arch:x86

e64842f331171f7207827352a23f87be

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

PDA.pdb

Imports

advapi32

MapGenericMask
GetSecurityDescriptorRMControl
AddAccessAllowedAce

iphlpapi

GetIcmpStatistics

kernel32

ReleaseActCtx
GetThreadLocale
SetThreadPreferredUILanguages
GetProcessAffinityMask
WaitForSingleObject
GetCurrentThreadId
GetProcessTimes
HeapAlloc
LocalLock
GetSystemTimes
GetCommandLineW
GetTimeZoneInformation
lstrcmpiA
GetProcessIdOfThread

wininet

InternetClearAllPerSiteCookieDecisions

msvcrt

isdigit
wcstol

user32

DeleteMenu
TileWindows
UnregisterHotKey
GetMessageExtraInfo
IsClipboardFormatAvailable
CreateIconFromResourceEx
LogicalToPhysicalPoint
GetCursorPos
DestroyMenu
MessageBoxW
CallMsgFilterA
CreateIcon

cfgmgr32

CM_Get_Res_Des_Data_Ex

winspool.drv

GetPrinterW

netapi32

NetApiBufferAllocate

crypt32

CertFindCTLInStore

urlmon

CoInternetGetSession

ole32

OleQueryLinkFromData

gdi32

SetROP2
SetPixel
SetColorSpace
GetFontLanguageInfo
DescribePixelFormat

Sections

DATA
Size: 12KB - Virtual size: 9KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

CODE
Size: 100KB - Virtual size: 96KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 324B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

e64842f331171f7207827352a23f87be

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

advapi32

iphlpapi

kernel32

wininet

msvcrt

user32

cfgmgr32

winspool.drv

netapi32

crypt32

urlmon

ole32

gdi32

Sections

DATA Size: 12KB - Virtual size: 9KB

.rdata Size: 4KB - Virtual size: 2KB

.data Size: 4KB - Virtual size: 9KB

CODE Size: 100KB - Virtual size: 96KB

.rsrc Size: 4KB - Virtual size: 1KB

.data Size: 4KB - Virtual size: 324B

DATA
Size: 12KB - Virtual size: 9KB

.rdata
Size: 4KB - Virtual size: 2KB

.data
Size: 4KB - Virtual size: 9KB

CODE
Size: 100KB - Virtual size: 96KB

.rsrc
Size: 4KB - Virtual size: 1KB

.data
Size: 4KB - Virtual size: 324B