8af726850d90d8897096429c8f677fb9_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

8af726850d90d8897096429c8f677fb9_JaffaCakes118
Size

226KB
MD5

8af726850d90d8897096429c8f677fb9
SHA1

fb3a0b470cfe24b44f9fa711dda456cfac588fb1
SHA256

f0aa38900f76f8e7470ab4f7b0b1c72bf1404e7a727b31522e1a9c1cef249644
SHA512

8ea14ea1b1dab754b8015fc85b634005d954997a08e8439d70770b839de8baaf6db1cfe99f1475c491fa885a45ab60a2d0855c85994e3db92858e28054d9e985
SSDEEP

3072:/ersCUYBmxZzh6CzX4XSk/HvaTeFjpPWbpteEJWyQBi111y0nLA3lfh46cPmcSQ:/eoumH/zf8aT2jpuPXg

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
8af726850d90d8897096429c8f677fb9_JaffaCakes118

Files

8af726850d90d8897096429c8f677fb9_JaffaCakes118
.exe windows:5 windows x86 arch:x86

428d1afaea0d11411dca4a346add570d

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_SYSTEM

Imports

version

GetFileVersionInfoSizeW

advapi32

LookupPrivilegeNameW
LogonUserA
CryptHashSessionKey
QueryUsersOnEncryptedFile
GetSidIdentifierAuthority
GetServiceDisplayNameW
InitiateSystemShutdownA
EqualPrefixSid
TreeResetNamedSecurityInfoW

ntdll

strcmp

gdi32

GetLogColorSpaceA
GetFontLanguageInfo
GetCurrentPositionEx
GetObjectW
GetObjectType
GetPolyFillMode

ws2_32

shutdown
getservbyname

shlwapi

GetMenuPosFromID
SHDeleteValueA
HashData

wininet

DeleteUrlCacheEntryW
FindNextUrlCacheEntryW
InternetGoOnline

ole32

CoUninitialize
CoTaskMemFree
MkParseDisplayName

oleaut32

SystemTimeToVariantTime
LoadTypeLi
VariantTimeToSystemTime
GetRecordInfoFromGuids

clusapi

GetClusterFromResource

shell32

ExtractIconA

msvcrt

fgetws
realloc
fputws

user32

GetMenuItemRect
GetThreadDesktop
LoadCursorW
GetMenuState
ReleaseCapture
GetPriorityClipboardFormat
GetLastActivePopup
GetMenuContextHelpId
GetComboBoxInfo
FindWindowW
ExcludeUpdateRgn
DdeClientTransaction
DrawMenuBar
DeferWindowPos
LockWorkStation
GetWindowTextA
ChangeMenuA
PostQuitMessage
LoadAcceleratorsA
FlashWindowEx
DestroyCaret
CreateIconFromResource
GetDialogBaseUnits
GetTabbedTextExtentW
GetMenuItemCount
GetKeyboardLayout
GetWindowRgn
GetWindowLongW
LookupIconIdFromDirectoryEx
IsWindowVisible
GetWindowPlacement
CharNextW
DrawTextW

kernel32

GetPrivateProfileSectionW
EnumResourceTypesA
GetCurrentProcess
LocalUnlock
GetProfileSectionA
IsValidLocale
GetPrivateProfileStringA
GetComputerNameExW
LocalFree
MapViewOfFile
GetSystemDirectoryA
WriteProfileStringA
GetVolumePathNamesForVolumeNameW
GetLogicalDrives
DeactivateActCtx
IsWow64Process
GetWindowsDirectoryA
EnumResourceNamesW
GetTimeZoneInformation
GetAtomNameA
DebugActiveProcess
GetVolumeInformationA
GetTimeFormatW
GlobalAddAtomA
GetTapePosition
GetLocalTime
FindAtomW
GetModuleFileNameW
GetOverlappedResult
GetCurrentDirectoryA
GetConsoleCursorInfo
GetShortPathNameA
FindResourceExW
GetCurrentThread
GetThreadSelectorEntry
GetSystemTime
GetPrivateProfileIntW
ReadFile
GetTapeStatus
GetSystemWindowsDirectoryA
GetExitCodeThread
GetSystemPowerStatus
FlushFileBuffers
GetConsoleMode
QueryIdleProcessorCycleTime
GetFileType
FlsGetValue
GetModuleHandleA
GetThreadLocale

setupapi

SetupDiGetClassDescriptionExW

secur32

DecryptMessage

esent

JetTerm2

rpcrt4

RpcServerListen
RpcRaiseException

urlmon

CoGetClassObjectFromURL

rasapi32

RasGetEapUserIdentityA

winspool.drv

DeletePortW

winmm

mmioSendMessage

Sections

.text
Size: 127KB - Virtual size: 126KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

CODE
Size: 92KB - Virtual size: 100KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

CONST
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_READ

.crt1
Size: 1024B - Virtual size: 944B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

428d1afaea0d11411dca4a346add570d

Headers

DLL Characteristics

File Characteristics

Imports

version

advapi32

ntdll

gdi32

ws2_32

shlwapi

wininet

ole32

oleaut32

clusapi

shell32

msvcrt

user32

kernel32

setupapi

secur32

esent

rpcrt4

urlmon

rasapi32

winspool.drv

winmm

Sections

.text Size: 127KB - Virtual size: 126KB

CODE Size: 92KB - Virtual size: 100KB

CONST Size: 5KB - Virtual size: 4KB

.crt1 Size: 1024B - Virtual size: 944B

.text
Size: 127KB - Virtual size: 126KB

CODE
Size: 92KB - Virtual size: 100KB

CONST
Size: 5KB - Virtual size: 4KB

.crt1
Size: 1024B - Virtual size: 944B