9d42448d445889729d05afa64cd39061_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

9d42448d445889729d05afa64cd39061_JaffaCakes118
Size

552KB
MD5

9d42448d445889729d05afa64cd39061
SHA1

20811b98f34542ea84de7a78ab4194eadf845953
SHA256

8f71619711cfd665a7b059a40e5dff6cf9eb986acfb496f3fcb3ab0f1be2d931
SHA512

8e9ee11d169062a06b05e4e12a65c2f997e5ec0f3187e36117ff83c50578b5571ad5f9fd529ae6612315062be52b5d6604c26de8e6f668433cd7a71892b8ba4b
SSDEEP

3072:Lp6jcW+xtbvUifPdlOwheGzt0rL84tRshFc1eOOFJuCy4A:LprbJfvOXGB2LJtR0FHv4

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
9d42448d445889729d05afa64cd39061_JaffaCakes118

Files

9d42448d445889729d05afa64cd39061_JaffaCakes118
.exe windows:5 windows x86 arch:x86

90a1decb6e794ed94290e8b82aad6163

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

berJRWehwbenETMBwvev324Y123rFGBE.Pdb

Imports

shlwapi

PathFileExistsA
StrTrimA
PathRemoveFileSpecA
SHRegGetUSValueA

winspool.drv

DeletePrinterDriverExW

mscms

CloseColorProfile

comdlg32

CommDlgExtendedError
GetSaveFileNameA

msi

ord29

wininet

InternetOpenUrlA
InternetFindNextFileA

rpcrt4

RpcServerUseProtseqIfW

ntdll

strlen
RtlInterlockedPopEntrySList
memset
RtlCompareMemory

crypt32

CertOpenSystemStoreA
CryptMsgDuplicate

user32

EnumChildWindows
GetUpdateRgn
GetMenuState
RealGetWindowClassA
ToAsciiEx
BeginPaint
FlashWindow
BeginDeferWindowPos
WaitMessage
EnumWindows

imm32

ImmGetContext

lz32

LZInit
LZSeek

netapi32

NetApiBufferSize
NetGroupGetUsers

msvfw32

ICLocate

rasapi32

RasFreeEapUserIdentityW

gdi32

CreatePatternBrush
OffsetClipRgn
Arc
StrokePath
GetGlyphOutlineW
GetClipRgn
GetSystemPaletteEntries
SelectObject
GdiSetBatchLimit
MaskBlt
Polyline
GetKerningPairsA
EnumObjects
BitBlt
RectVisible
LineTo

cfgmgr32

CM_Locate_DevNodeW

pdh

PdhMakeCounterPathW

ole32

OleConvertOLESTREAMToIStorage
CoDisconnectObject
OleSetContainedObject

winmm

GetDriverModuleHandle
PlaySoundA
mixerGetLineControlsW
midiInAddBuffer
midiInGetDevCapsA

kernel32

WaitForMultipleObjectsEx
TransmitCommChar
GetConsoleTitleW
lstrcpynA
GetModuleHandleExW
GetNamedPipeInfo
GetModuleHandleA
GetSystemTimes
SetConsoleHistoryInfo
GetLocalTime
GetBinaryTypeW
GetLongPathNameA
CommConfigDialogA
lstrcatA
GetBinaryTypeA
OpenMutexA

version

VerQueryValueW

msacm32

acmStreamOpen

Sections

.text
Size: 492KB - Virtual size: 490KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 48KB - Virtual size: 52KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 4KB - Virtual size: 1024B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

90a1decb6e794ed94290e8b82aad6163

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

shlwapi

winspool.drv

mscms

comdlg32

msi

wininet

rpcrt4

ntdll

crypt32

user32

imm32

lz32

netapi32

msvfw32

rasapi32

gdi32

cfgmgr32

pdh

ole32

winmm

kernel32

version

msacm32

Sections

.text Size: 492KB - Virtual size: 490KB

.data Size: 48KB - Virtual size: 52KB

.idata Size: 4KB - Virtual size: 2KB

.rsrc Size: 4KB - Virtual size: 1024B

.text
Size: 492KB - Virtual size: 490KB

.data
Size: 48KB - Virtual size: 52KB

.idata
Size: 4KB - Virtual size: 2KB

.rsrc
Size: 4KB - Virtual size: 1024B