9106953baaeea3a29fd9dbea826c73ce_JaffaCakes118

General

Target

9106953baaeea3a29fd9dbea826c73ce_JaffaCakes118
Size

613KB
MD5

9106953baaeea3a29fd9dbea826c73ce
SHA1

f52b0d44ab3511d9ad23c2b4a2bf21c1b73d76e6
SHA256

cdb57a075dfc0352d699e4d87c14b576818364dfd50de866d3432f11c861255e
SHA512

34c39397b06a56abb125b48d504fbb56a64e01dbaabf190b00817808a9a7a1264764c18267da6d011f39fcb031d5757bae148b9f578644802ab31702d5a3c331
SSDEEP

12288:FqnN0gGchs357VNADAxDVdbJ5qAnh2yhWH/Y28/PAlBollCr9Cq:FqN0gGchsJ/oAxDVddnE/YtAfgq

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
9106953baaeea3a29fd9dbea826c73ce_JaffaCakes118

Files

9106953baaeea3a29fd9dbea826c73ce_JaffaCakes118
.exe windows:5 windows x86 arch:x86

f91098e291a57d5b4e085e94e06654bc

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NO_BIND

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

dbg.pdb

Imports

authz

AuthzFreeResourceManager
AuthzFreeContext
AuthzInitializeContextFromSid
AuthzFreeAuditEvent

user32

SetCursorPos
PostMessageA
GetMessageW
IsWindow
PeekMessageA
wsprintfA
SetFocus
IsZoomed
GetWindowTextA
LoadCursorA
DrawIcon
DispatchMessageA
GetCaretPos
LoadImageA
IsCharLowerW

msimg32

GradientFill
vSetDdrawflag
AlphaBlend
DllInitialize

wtsapi32

WTSUnRegisterSessionNotification
WTSSetSessionInformationA
WTSVirtualChannelPurgeInput
WTSRegisterSessionNotification
WTSEnumerateSessionsA
WTSVirtualChannelOpen
WTSSetUserConfigA
WTSVirtualChannelRead
WTSQueryUserToken
WTSQuerySessionInformationA
WTSSendMessageA
WTSVirtualChannelWrite

kernel32

GetFullPathNameA
GetLocalTime
OpenMutexA
VirtualQuery
GetStdHandle
CompareStringA
GetShortPathNameA
FindResourceA
lstrcmpiA
GetCurrentDirectoryW
ResetEvent
CopyFileA
SetFileAttributesW
FormatMessageA
FileTimeToSystemTime
lstrcmpA
GetProcessHeap
GetBinaryTypeW
TlsGetValue
GetModuleHandleA
SetStdHandle
GetLastError
GetFileType
CreateEventW
SetCurrentDirectoryA
GetProcAddress
InterlockedExchange

azroles

AzCloseHandle
AzGroupDelete
AzFreeMemory

Sections

.text
Size: 39KB - Virtual size: 39KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 568KB - Virtual size: 796KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

f91098e291a57d5b4e085e94e06654bc

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

authz

user32

msimg32

wtsapi32

kernel32

azroles

Sections

.text Size: 39KB - Virtual size: 39KB

.data Size: 4KB - Virtual size: 7KB

.rsrc Size: 568KB - Virtual size: 796KB

.text
Size: 39KB - Virtual size: 39KB

.data
Size: 4KB - Virtual size: 7KB

.rsrc
Size: 568KB - Virtual size: 796KB