a722470aa7c11e005d5fe7dd9c2c4e0c_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

a722470aa7c11e005d5fe7dd9c2c4e0c_JaffaCakes118
Size

210KB
MD5

a722470aa7c11e005d5fe7dd9c2c4e0c
SHA1

56be1aded43e4dbcaf539490825534c9aced924b
SHA256

883a89b36ad80d55e9870860270911807e3ed9a9f63daef3e287bdeee08d3f3b
SHA512

72c35ca8e5a3150fcba361cc1a91c1cbb8fe6f55eab2f9c49bf22c546ea3fb6ad8bd389c688c08152a8550f9814c764c40f415662a31f07f4d19ceb995391857
SSDEEP

3072:b5M4EdpZtJYNj1JLWHO+p5cShESCWxq8EZnVfMkvRf4zbyPNshFpUavs0uIgqgip:tMpdzcB1JLKcShxTE8EZJb

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
a722470aa7c11e005d5fe7dd9c2c4e0c_JaffaCakes118

Files

a722470aa7c11e005d5fe7dd9c2c4e0c_JaffaCakes118
.exe windows:5 windows x86 arch:x86

288fcb089e23d8752992f9dab0c95fa3

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_SYSTEM

Imports

winspool.drv

DeletePortW

advapi32

LogonUserA
InitiateSystemShutdownA
QueryUsersOnEncryptedFile
CryptDestroyKey
GetServiceDisplayNameW
GetSidIdentifierAuthority
LookupPrivilegeNameW

ole32

MkParseDisplayName

oleaut32

GetRecordInfoFromGuids
SystemTimeToVariantTime
LoadTypeLi

user32

IsWindowVisible
GetLastActivePopup
CreateIconFromResource
GetMenuItemCount
LockWorkStation
ExcludeUpdateRgn
DrawMenuBar
DeferWindowPos
GetDialogBaseUnits
GetMenuContextHelpId
PhysicalToLogicalPoint
GetPriorityClipboardFormat
GetMenuState
CharNextW
FlashWindowEx
ChangeMenuA
DrawTextW
GetWindowLongW
GetWindowRgn
FindWindowW
LoadAcceleratorsA
LookupIconIdFromDirectoryEx

esent

JetTerm2

ws2_32

shutdown
getservbyname

wininet

DeleteUrlCacheEntryW
FindNextUrlCacheEntryW

version

GetFileVersionInfoSizeW

shell32

ExtractIconA

gdi32

StrokePath
GetLogColorSpaceA
GetCurrentPositionEx
CreateCompatibleBitmap

winmm

mmioSendMessage

msvcrt

fgetws
fputws

clusapi

GetClusterFromResource

rasapi32

RasGetEapUserIdentityA

kernel32

GetFileType
IsWow64Process
GetSystemWindowsDirectoryA
LocalFree
GetPrivateProfileSectionW
EnumResourceTypesA
GetThreadLocale
GetLocalTime
GetWindowsDirectoryA
FlushFileBuffers
GetPrivateProfileIntW
GlobalAddAtomA
GetShortPathNameA
GetVolumePathNamesForVolumeNameW
GetAtomNameA
LocalUnlock
GetTapeStatus
GetOverlappedResult
MapViewOfFile
GetTapePosition
GetTimeZoneInformation
GetSystemPowerStatus
GetModuleHandleA
DeactivateActCtx
GetVolumeInformationA
GetPrivateProfileStringA
GetExitCodeThread
IsValidLocale
FindResourceExW
GetLogicalDrives
FlsGetValue
GetConsoleMode

rpcrt4

RpcRaiseException

shlwapi

HashData

Sections

.text
Size: 123KB - Virtual size: 122KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

CODE
Size: 82KB - Virtual size: 91KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

CONST
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_READ

.crt2
Size: 1024B - Virtual size: 944B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

288fcb089e23d8752992f9dab0c95fa3

Headers

DLL Characteristics

File Characteristics

Imports

winspool.drv

advapi32

ole32

oleaut32

user32

esent

ws2_32

wininet

version

shell32

gdi32

winmm

msvcrt

clusapi

rasapi32

kernel32

rpcrt4

shlwapi

Sections

.text Size: 123KB - Virtual size: 122KB

CODE Size: 82KB - Virtual size: 91KB

CONST Size: 3KB - Virtual size: 2KB

.crt2 Size: 1024B - Virtual size: 944B

.text
Size: 123KB - Virtual size: 122KB

CODE
Size: 82KB - Virtual size: 91KB

CONST
Size: 3KB - Virtual size: 2KB

.crt2
Size: 1024B - Virtual size: 944B