a1cb6b40b49d78103444c32f4f5c1022_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

a1cb6b40b49d78103444c32f4f5c1022_JaffaCakes118
Size

590KB
MD5

a1cb6b40b49d78103444c32f4f5c1022
SHA1

d911951b10b4c41239f639af8397fefbc9deed12
SHA256

aa36ae501dd09617500a6b38de7917dc5c7313fffb2841bcfdcafa9d567621f0
SHA512

e6b05658f34beff41d7fc13cfb4bd3cff776a24356cce78fb2c29002a4e451a40e019c806c824274fc41248582254320961f07d56b0a4fc38a2fb676045db1e4
SSDEEP

12288:/g2xN5Hef7wWHX+IuNEFVqhJuWYI17c8Z7zo1N9:LN5+f7t3cEFVq5Y0wu7zo

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
a1cb6b40b49d78103444c32f4f5c1022_JaffaCakes118

Files

a1cb6b40b49d78103444c32f4f5c1022_JaffaCakes118
.exe windows:4 windows x86 arch:x86

631e2d4578e5677fbfae05984f6ec325

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

advapi32

RegReplaceKeyW
RegCreateKeyExA
LogonUserW
RegSaveKeyW
OpenEventLogA
RegOpenKeyA
RegEnumKeyA
RegUnLoadKeyW
OpenServiceA
RegDeleteValueA

cmpbk32

PhoneBookEnumNumbers
PhoneBookFreeFilter
PhoneBookLoad
PhoneBookCopyFilter
PhoneBookEnumCountries

dsprop

CrackName
CheckADsError

untfs

Format
FormatEx
Recover

shlwapi

UrlUnescapeW
UrlHashA
UrlCombineW
PathCombineA
UrlGetLocationW
UrlIsA
UrlIsNoHistoryW
UrlCompareA
UrlCanonicalizeW
UrlGetPartA
PathCompactPathW
PathCommonPrefixW

crypt32

CertCompareCertificate
CertRemoveStoreFromCollection
CertOpenStore
CertSaveStore
CertAlgIdToOID
CertGetNameStringA
CertDeleteCRLFromStore
CertFindChainInStore
CertFindCRLInStore
CertNameToStrA
CertDuplicateCRLContext
CryptEnumOIDInfo

clusapi

ClusterEnum
CloseClusterNode
CloseCluster
CloseClusterGroup

kernel32

FindNextFileA
GetModuleHandleA
FindClose
WriteConsoleA
lstrcmp
GetProcAddress
CreateProcessW
GetFileAttributesA
FindFirstFileW
CreateJobObjectA
GetConsoleTitleW
lstrcpy
CreateDirectoryA
OpenProcess
OpenThread
GetLogicalDriveStringsW
lstrcmpiA
WaitForSingleObject
DeleteFileA
GetCommandLineA
GetEnvironmentVariableW
GetPriorityClass
GetTempFileNameA
LoadLibraryA
CreateFileMappingW
FileTimeToSystemTime

Sections

.text
Size: 42KB - Virtual size: 42KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE

.rdata
Size: 21KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.lock
Size: 523KB - Virtual size: 523KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

631e2d4578e5677fbfae05984f6ec325

Headers

DLL Characteristics

File Characteristics

Imports

advapi32

cmpbk32

dsprop

untfs

shlwapi

crypt32

clusapi

kernel32

Sections

.text Size: 42KB - Virtual size: 42KB

.rdata Size: 21KB - Virtual size: 20KB

.lock Size: 523KB - Virtual size: 523KB

.rsrc Size: 2KB - Virtual size: 1KB

.text
Size: 42KB - Virtual size: 42KB

.rdata
Size: 21KB - Virtual size: 20KB

.lock
Size: 523KB - Virtual size: 523KB

.rsrc
Size: 2KB - Virtual size: 1KB