95b761f657e225b033ebb6887356ffdf_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

95b761f657e225b033ebb6887356ffdf_JaffaCakes118
Size

473KB
MD5

95b761f657e225b033ebb6887356ffdf
SHA1

c2b540a20aefece0aaca2547d8c7ba729b9fb107
SHA256

7959814962b45eab4bfabeb67485ef7de4a497b5cf9b3fbe9f308b9386f486b1
SHA512

278f685041e738515a4f91119b8ebf102affbf950a2ee82e43f7004f217f76eb2f281e116d0df85d5ddef0bdf1d70e4af520b1d988d6c71a9ffabcdab2fc4b1d
SSDEEP

6144:B6f3gU/B57+vRUkp5L6LFgWysA5I/0mjM1dMNm/uIts4QqbMNVjcS:Bu3gU/B57+vweHmxNm/lpbMf

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
95b761f657e225b033ebb6887356ffdf_JaffaCakes118

Files

95b761f657e225b033ebb6887356ffdf_JaffaCakes118
.exe windows:4 windows x86 arch:x86

07a34823be9ce9f86ad65905c7ec2029

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

CancelIo
CloseHandle
CloseThreadpoolCleanupGroup
CloseThreadpoolCleanupGroupMembers
CloseThreadpoolTimer
CloseThreadpoolWait
ConnectNamedPipe
CreateEventW
CreateMutexW
CreateNamedPipeW
CreateProcessW
CreateThreadpoolCleanupGroup
CreateThreadpoolTimer
CreateThreadpoolWait
DeleteCriticalSection
EnterCriticalSection
ExpandEnvironmentStringsW
GetModuleHandleA
GetOverlappedResult
GetProcAddress
GetSystemDirectoryW
GetSystemWow64DirectoryW
GetTickCount
HeapAlloc
HeapFree
HeapReAlloc
InitializeCriticalSection
IsBadStringPtrW
LeaveCriticalSection
ReadFile
ReleaseMutex
ResetEvent
RtlUnwind
SetEvent
SetThreadpoolTimer
SetThreadpoolWait
Sleep
TerminateProcess
TrySubmitThreadpoolCallback
WaitForMultipleObjects
WaitForSingleObject
WriteFile
lstrcmpW

ntdll

RtlMapGenericMask
__wine_make_process_system

advapi32

OpenProcessToken
RegCloseKey
RegCreateKeyExW
RegCreateKeyW
RegDeleteTreeW
RegDeleteValueW
RegEnumKeyW
RegOpenKeyExW
RegOpenKeyW
RegQueryValueExW
RegSetValueExW

rpcrt4

I_RpcGetBuffer
NdrAllocate
NdrComplexStructBufferSize
NdrComplexStructFree
NdrComplexStructMarshall
NdrComplexStructUnmarshall
NdrConformantArrayBufferSize
NdrConformantArrayFree
NdrConformantArrayMarshall
NdrConformantArrayUnmarshall
NdrConformantStringBufferSize
NdrConformantStringMarshall
NdrConformantStringUnmarshall
NdrContextHandleInitialize
NdrConvert
NdrNonEncapsulatedUnionBufferSize
NdrNonEncapsulatedUnionMarshall
NdrNonEncapsulatedUnionUnmarshall
NdrPointerBufferSize
NdrPointerFree
NdrPointerMarshall
NdrPointerUnmarshall
NdrServerContextNewMarshall
NdrServerContextNewUnmarshall
NdrServerInitializeNew
NdrSimpleStructBufferSize
NdrSimpleStructMarshall
NdrSimpleStructUnmarshall
NdrSimpleTypeUnmarshall
RpcMgmtStopServerListening
RpcMgmtWaitServerListen
RpcRaiseException
RpcServerListen
RpcServerRegisterIf
RpcServerUnregisterIf
RpcServerUseProtseqEpW

setupapi

SetupDiDestroyDeviceInfoList
SetupDiEnumDeviceInfo
SetupDiGetClassDevsW
SetupDiGetDeviceRegistryPropertyW

ucrtbase

__acrt_iob_func
__p___argc
__p___argv
__stdio_common_vsprintf
__stdio_common_vswprintf
_assert
_configure_narrow_argv
_get_initial_narrow_environment
_initialize_narrow_environment
_set_app_type
_strdup
_wcsicmp
_wcsnicmp
exit
free
fwrite
getenv
memcmp
memcpy
memmove
memset
qsort
strchr
strcmp
strcpy
strcspn
strlen
wcschr
wcstol

userenv

CreateEnvironmentBlock
DestroyEnvironmentBlock

Sections

.text
Size: 92KB - Virtual size: 91KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 456B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 12KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.bss
Size: - Virtual size: 384B

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 8KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

/4
Size: 4KB - Virtual size: 320B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/19
Size: 152KB - Virtual size: 149KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/31
Size: 8KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/45
Size: 64KB - Virtual size: 63KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/57
Size: 12KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/70
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/81
Size: 56KB - Virtual size: 54KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

07a34823be9ce9f86ad65905c7ec2029

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

ntdll

advapi32

rpcrt4

setupapi

ucrtbase

userenv

Sections

.text Size: 92KB - Virtual size: 91KB

.data Size: 4KB - Virtual size: 456B

.rdata Size: 12KB - Virtual size: 9KB

.bss Size: - Virtual size: 384B

.idata Size: 8KB - Virtual size: 4KB

/4 Size: 4KB - Virtual size: 320B

/19 Size: 152KB - Virtual size: 149KB

/31 Size: 8KB - Virtual size: 6KB

/45 Size: 64KB - Virtual size: 63KB

/57 Size: 12KB - Virtual size: 10KB

/70 Size: 4KB - Virtual size: 3KB

/81 Size: 56KB - Virtual size: 54KB

.text
Size: 92KB - Virtual size: 91KB

.data
Size: 4KB - Virtual size: 456B

.rdata
Size: 12KB - Virtual size: 9KB

.bss
Size: - Virtual size: 384B

.idata
Size: 8KB - Virtual size: 4KB

/4
Size: 4KB - Virtual size: 320B

/19
Size: 152KB - Virtual size: 149KB

/31
Size: 8KB - Virtual size: 6KB

/45
Size: 64KB - Virtual size: 63KB

/57
Size: 12KB - Virtual size: 10KB

/70
Size: 4KB - Virtual size: 3KB

/81
Size: 56KB - Virtual size: 54KB