9c97bd4cdc983fe05b5f1066892bfa67_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

9c97bd4cdc983fe05b5f1066892bfa67_JaffaCakes118
Size

140KB
MD5

9c97bd4cdc983fe05b5f1066892bfa67
SHA1

08c8c2b59ce47bde2d4d3ca2b5dd110ebe1d05da
SHA256

4303ba683ff2350ccc3503536ceec2106fe6b540e09923a4f8b3a0c00d9d0a90
SHA512

a425f753e6ba18fc1d5e721948bc214473757ac5f714fdd09492768484c65d869444ef329810072463282dd142518422a3d9fca6a48b89ec1be911b7566b9d67
SSDEEP

3072:dw6BHAmvGqqNQ+meDiXg2+0gxp1E5MdW97qbqTdCtGaQ+0q:dw6BdxgiMpooW9+bJI

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
9c97bd4cdc983fe05b5f1066892bfa67_JaffaCakes118

Files

9c97bd4cdc983fe05b5f1066892bfa67_JaffaCakes118
.exe windows:6 windows x86 arch:x86

acbfc202929d0ba7fbe935e64ae65537

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

cfgmgr32

CM_Query_Resource_Conflict_List
CM_Get_First_Log_Conf

pdh

PdhEnumObjectsW

oleaut32

DispGetParam

winmm

mixerSetControlDetails

urlmon

CoInternetCreateZoneManager

rasapi32

RasGetConnectStatusW

ole32

CoFileTimeNow
IIDFromString
HGLOBAL_UserSize
OleGetAutoConvert

crypt32

CryptMsgGetAndVerifySigner
CertFindCRLInStore
CryptSignCertificate
CertCreateCTLContext

gdi32

GetWinMetaFileBits
EndPath
AddFontResourceW

user32

ToUnicode
InvalidateRect
InsertMenuItemW
NotifyWinEvent
MapDialogRect
AddClipboardFormatListener
GetClassInfoExW
LoadMenuA
PackDDElParam
GetUpdateRect
LockSetForegroundWindow
TrackMouseEvent
GetScrollInfo
BeginDeferWindowPos
CreatePopupMenu
GetDesktopWindow

kernel32

GetCommandLineW
FoldStringW
FileTimeToDosDateTime
GetCurrentProcessId
GetThreadLocale
ReleaseSemaphore
CloseHandle
GetTapePosition
GetNLSVersionEx
GetModuleHandleA
LocalFree
CreateWaitableTimerA
CreateActCtxW
EnumResourceNamesA
GetDiskFreeSpaceExA
FindResourceExW

shell32

SHGetFolderLocation

shlwapi

StrCmpNIW
StrDupA
PathIsRootW
PathIsUNCW

rpcrt4

I_RpcServerRegisterForwardFunction
RpcBindingFromStringBindingW
UuidIsNil
I_RpcSessionStrictContextHandle
NdrAllocate

advapi32

GetLengthSid
IsTokenRestricted
RevertToSelf
CryptGetProvParam
SetEntriesInAclW

secur32

AcceptSecurityContext
VerifySignature

powrprof

GetActivePwrScheme

Sections

.text
Size: 16KB - Virtual size: 15KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 108KB - Virtual size: 106KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 6KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 528B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

acbfc202929d0ba7fbe935e64ae65537

Headers

DLL Characteristics

File Characteristics

Imports

cfgmgr32

pdh

oleaut32

winmm

urlmon

rasapi32

ole32

crypt32

gdi32

user32

kernel32

shell32

shlwapi

rpcrt4

advapi32

secur32

powrprof

Sections

.text Size: 16KB - Virtual size: 15KB

.rdata Size: 108KB - Virtual size: 106KB

.data Size: 4KB - Virtual size: 6KB

.rsrc Size: 4KB - Virtual size: 1KB

.reloc Size: 4KB - Virtual size: 528B

.text
Size: 16KB - Virtual size: 15KB

.rdata
Size: 108KB - Virtual size: 106KB

.data
Size: 4KB - Virtual size: 6KB

.rsrc
Size: 4KB - Virtual size: 1KB

.reloc
Size: 4KB - Virtual size: 528B