a2f816c02acd5aee421202ebc5ffe439_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

a2f816c02acd5aee421202ebc5ffe439_JaffaCakes118
Size

713KB
MD5

a2f816c02acd5aee421202ebc5ffe439
SHA1

1a0fca1e149e1805a7674b943e1a721ef6ee7c42
SHA256

38cd633126b8270446417a496a235290aec9ad5e07a42037afd86b267ac799bc
SHA512

ea8bf2c8d5573fabe6cde7687bb5c9f6f1e459ef89d856b5ded0eba85b14b4e2b3d217537c298d0f905f44b3edc62c6c09c7ce1fbf86271f987a84836af6b903
SSDEEP

12288:2jm+8pDnd+NSKGqnlQ5Nn1mzTaoV7ygTeA9vsBJtcREcEmHm+RGqFr7sIyMZ9qjM:Wxc+NpXmrmzWK7xiAuBJtIEDIr3+MP9H

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
a2f816c02acd5aee421202ebc5ffe439_JaffaCakes118

Files

a2f816c02acd5aee421202ebc5ffe439_JaffaCakes118
.exe windows:4 windows x86 arch:x86

a40f1e9c31f57bff997ce925a0ff7186

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetCurrentThreadId
GetSystemTimeAsFileTime
GetCurrentProcessId
GetTickCount
QueryPerformanceCounter
InterlockedCompareExchange
Sleep
InterlockedExchange
GetCurrentProcess
GetModuleHandleA
GetProcAddress
GetCommandLineA
QueryPerformanceFrequency
CreateEventA
SetEvent

advapi32

RegOpenKeyExW
RegQueryValueExW
RegDeleteValueW
RegCloseKey
RegCreateKeyExW
RegSetValueExW
RegQueryInfoKeyW
RegEnumKeyExW

inetcomm

HrAttachDataFromFile
MimeOleCreateHeaderTable
MimeOleSetBodyPropW

version

GetFileVersionInfoW
VerLanguageNameA
VerFindFileA
GetFileVersionInfoA
GetFileVersionInfoSizeW

ssdpapi

SsdpStartup
FindServices

adsldp

DllCanUnloadNow
DllGetClassObject

fontsub

CreateFontPackage
MergeFontPackage

cryptdll

CDRegisterCSystem
CDRegisterRng
CDLocateCSystem
CDLocateCheckSum
MD5Final
CDGenerateRandomBits

console

CPlApplet

iyuv_32

DriverProc
DllMain
DriverDialogProc
AboutDialogProc

netid

CreateNetIDPropertyPage
ShowDcNotFoundErrorDialog

samlib

SamOpenGroup
SamCloseHandle
SamGetGroupsForUser
SamiEncryptPasswords
SamiSetDSRMPasswordOWF
SamChangePasswordUser2
SamSetSecurityObject
SamQueryInformationAlias

qdv

DllRegisterServer
DllUnregisterServer
DllCanUnloadNow

Sections

.text
Size: 230KB - Virtual size: 230KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 13KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 455KB - Virtual size: 670KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 12KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

a40f1e9c31f57bff997ce925a0ff7186

Headers

File Characteristics

Imports

kernel32

advapi32

inetcomm

version

ssdpapi

adsldp

fontsub

cryptdll

console

iyuv_32

netid

samlib

qdv

Sections

.text Size: 230KB - Virtual size: 230KB

.rdata Size: 13KB - Virtual size: 12KB

.data Size: 455KB - Virtual size: 670KB

.rsrc Size: 12KB - Virtual size: 11KB

.text
Size: 230KB - Virtual size: 230KB

.rdata
Size: 13KB - Virtual size: 12KB

.data
Size: 455KB - Virtual size: 670KB

.rsrc
Size: 12KB - Virtual size: 11KB