87f7d16a939bef3104e4b825f739b3ed_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

87f7d16a939bef3104e4b825f739b3ed_JaffaCakes118
Size

216KB
MD5

87f7d16a939bef3104e4b825f739b3ed
SHA1

946766977f00456fdebaee13d03f798658754459
SHA256

d00ec2df23ddfdeb9bc66d8baa42ba69a07ac03aaa7520de1bc87b2329aa2fba
SHA512

14d84f97efd8b761b211e029c4315c4c4e061ef29cebcb8837003e789ddf0315b7428d8305aba1aecb2a44928b59760bcd4c1474b60568b7018dcc40f9aa5b94
SSDEEP

1536:1qEugnhpMscJecZOU9Kcy151mpnKWa2JSTQAsswynWH95bk1jfL6opI2/3Oo1L:1Eb0mHcTQUwxk1jz6yem

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
87f7d16a939bef3104e4b825f739b3ed_JaffaCakes118

Files

87f7d16a939bef3104e4b825f739b3ed_JaffaCakes118
.exe windows:5 windows x86 arch:x86

4a70bef1602edf1983ae4831acc5de1a

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_SYSTEM

PDB Paths

twerkrtr###.pdb

Imports

lz32

LZSeek

wininet

InternetSetCookieA
InternetQueryDataAvailable

ntdll

RtlInterlockedPopEntrySList

ole32

HICON_UserMarshal
OleCreate
CoGetObjectContext
CoGetMalloc

oleaut32

VarDateFromR8
VarR8FromUI4

crypt32

CertSerializeCertificateStoreElement
CertEnumCRLsInStore

pdh

PdhBrowseCountersW

rpcrt4

NdrStubCall2
RpcMgmtEnableIdleCleanup
I_RpcMapWin32Status

shell32

ExtractAssociatedIconW

msacm32

acmStreamSize
acmDriverRemove

setupapi

SetupDiDrawMiniIcon
CM_Locate_DevNodeW

msvcrt

wprintf

winmm

mixerGetDevCapsW

secur32

EncryptMessage

kernel32

lstrlenA
CancelIo
FindFirstFileNameTransactedW
AttachConsole
Thread32Next
SetProcessWorkingSetSize
SetSystemTimeAdjustment
GetExitCodeThread
ExpandEnvironmentStringsA
ReadFile
VirtualProtectEx
GetNativeSystemInfo
SizeofResource
CreateDirectoryExW
SetEnvironmentVariableA
Process32Next
GetComputerNameExW
OpenThread
QueueUserWorkItem

user32

IsProcessDPIAware
DrawTextW
CopyImage
BroadcastSystemMessageA
DestroyWindow

shlwapi

SHDeleteKeyW
SHRegEnumUSValueW

iphlpapi

IpRenewAddress

msi

ord30

gdi32

GetObjectType

advapi32

CloseEncryptedFileRaw
AddAce

Sections

.text
Size: 168KB - Virtual size: 165KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 32KB - Virtual size: 28KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.CRT
Size: 4KB - Virtual size: 4B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

4a70bef1602edf1983ae4831acc5de1a

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

lz32

wininet

ntdll

ole32

oleaut32

crypt32

pdh

rpcrt4

shell32

msacm32

setupapi

msvcrt

winmm

secur32

kernel32

user32

shlwapi

iphlpapi

msi

gdi32

advapi32

Sections

.text Size: 168KB - Virtual size: 165KB

.data Size: 32KB - Virtual size: 28KB

.idata Size: 4KB - Virtual size: 2KB

.CRT Size: 4KB - Virtual size: 4B

.rsrc Size: 4KB - Virtual size: 2KB

.text
Size: 168KB - Virtual size: 165KB

.data
Size: 32KB - Virtual size: 28KB

.idata
Size: 4KB - Virtual size: 2KB

.CRT
Size: 4KB - Virtual size: 4B

.rsrc
Size: 4KB - Virtual size: 2KB