0aad3b75b8ca8f359aae4f6ea88347df_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

0aad3b75b8ca8f359aae4f6ea88347df_JaffaCakes118
Size

51KB
MD5

0aad3b75b8ca8f359aae4f6ea88347df
SHA1

58d2dff1722be402e2fe238d79a6273e92b5fa88
SHA256

a2ecf84a2f27012828099a4ee6d239b615d23f631d0f7db7de42af39f76a1445
SHA512

fa38fadb7c32e58188c0de744d5f2b506be674f10c14018913405a3e3e73340d5c3029c4aabdfbe563d3c5c509b417ac2085b82fa0921065330120c741c735bb
SSDEEP

768:h25wqPhA7mdKNS/UUw35qVupJSm8X1e7O7xPTD25y/9g2xLApPBAw7h1:h2qqKl30Vuym8XJ7DwyvlyPBA4h

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
0aad3b75b8ca8f359aae4f6ea88347df_JaffaCakes118

Files

0aad3b75b8ca8f359aae4f6ea88347df_JaffaCakes118
.exe windows:5 windows x86 arch:x86

644530dbf37237f38a3ff1eefccc87d5

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

clusapi

ClusterGroupOpenEnum
GetClusterNetInterfaceState
GetClusterNotify
EvictClusterNode
GetClusterFromNode
ClusterGroupControl
GetClusterResourceTypeKey
CreateClusterResourceType
ClusterRegQueryValue
ResumeClusterNode
ClusterGroupCloseEnum
SetClusterGroupName
DeleteClusterGroup
ClusterNodeEnum
SetClusterName
ClusterResourceOpenEnum
BackupClusterDatabase
ClusterRegOpenKey
GetClusterGroupState
CloseClusterResource
GetClusterFromNetInterface
RegisterClusterNotify
OnlineClusterGroup
OfflineClusterResource
GetClusterFromGroup
GetClusterResourceNetworkName
FailClusterResource
ClusterNodeControl
ClusterRegGetKeySecurity
ClusterRegDeleteValue
MoveClusterGroup
ClusterRegDeleteKey
ClusterNetworkOpenEnum
GetClusterResourceKey
GetClusterGroupKey
ClusterNetworkGetEnumCount
CreateClusterResource
ClusterEnum
ClusterResourceTypeEnum
GetClusterNetworkKey
GetNodeClusterState
SetClusterNetworkName
SetClusterGroupNodeList
SetClusterQuorumResource

ntdll

NtConnectPort
RtlSetCurrentDirectory_U
RtlSubAuthoritySid
RtlSetLastWin32Error
CsrClientCallServer
KiRaiseUserExceptionDispatcher
RtlInitializeBitMap
ZwQueryDirectoryObject
RtlInitializeRXact
RtlInitUnicodeString
RtlGetCallersAddress
NtWaitLowEventPair
ZwWriteFile
ZwQuerySymbolicLinkObject
NtQueueApcThread
NtEnumerateBootEntries
NtReplyWaitReplyPort
RtlZeroHeap
NtDeleteObjectAuditAlarm
_CIsqrt
NtCreatePagingFile
RtlCopyLuidAndAttributesArray
NtQueryInstallUILanguage
ZwQueryEaFile
NtOpenMutant
DbgBreakPoint
RtlApplicationVerifierStop
NtQueryTimerResolution
ZwSetLdtEntries
RtlInt64ToUnicodeString
ZwQueryFullAttributesFile
NtRenameKey
RtlCompareMemory
ZwCompareTokens
ZwQueryBootEntryOrder
NtQueryKey
NtIsProcessInJob
DbgPrintReturnControlC
NtAllocateUserPhysicalPages
sscanf
ZwReplyWaitReceivePort
NtOpenProcess
RtlInsertElementGenericTableAvl
RtlGetControlSecurityDescriptor

user32

GrayStringW
CreateWindowExW
BroadcastSystemMessageExA
GetWindowThreadProcessId
RemovePropA
wsprintfA
LockWindowStation
MessageBoxExW
EnumPropsA
MenuWindowProcA
SetWindowLongW
PackDDElParam
UnregisterUserApiHook
CharPrevW
ChangeDisplaySettingsExW
ModifyMenuA
SetThreadDesktop
SendMessageCallbackW
GetMessagePos
SetDlgItemInt
DdeImpersonateClient
PostThreadMessageW
RegisterClipboardFormatA
DlgDirSelectComboBoxExA
LoadKeyboardLayoutW
PostThreadMessageA
RegisterUserApiHook
ChildWindowFromPoint
DrawTextExA
MonitorFromWindow
DdeQueryNextServer
SendMessageW
GetSystemMenu
SetDoubleClickTime
DdeInitializeW
InsertMenuA
GetTitleBarInfo
GetWindowLongW
SetClipboardData
GetMenuCheckMarkDimensions
FlashWindow

kernel32

GetLocaleInfoW
SetConsoleNlsMode
GetUserGeoID
EnumResourceTypesA
GetOEMCP
GetACP
GetLogicalDriveStringsA
FatalAppExitW
WriteConsoleOutputA
SetProcessAffinityMask
SetConsoleNumberOfCommandsW
SetConsoleInputExeNameA
CreateActCtxA
DeleteTimerQueueTimer
SetLastError
EnumSystemGeoID
LZStart
CreateDirectoryExA
CommConfigDialogW
GetLongPathNameA
DeleteFileA
LocalFileTimeToFileTime
SetTapePosition
BaseFlushAppcompatCache
GetConsoleAliasExesLengthW
Process32Next
OutputDebugStringA
FreeLibraryAndExitThread
VirtualAlloc
FlushConsoleInputBuffer
ReadProcessMemory
PrivMoveFileIdentityW
GetSystemDefaultLangID
HeapAlloc
GlobalFlags
SetTimerQueueTimer
LocalAlloc
InitializeCriticalSectionAndSpinCount
SetWaitableTimer
CreateDirectoryA
CopyFileExA
LoadLibraryA
GlobalAlloc
DeleteVolumeMountPointA
GetVolumePathNameW
SetVolumeLabelW
PrepareTape
GetModuleFileNameA
FindAtomA
RemoveDirectoryA
GetProcessTimes
SetComputerNameExA
SetThreadContext
CompareFileTime

Sections

.text
Size: 39KB - Virtual size: 39KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 7KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 51KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 1024B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

644530dbf37237f38a3ff1eefccc87d5

Headers

DLL Characteristics

File Characteristics

Imports

clusapi

ntdll

user32

kernel32

Sections

.text Size: 39KB - Virtual size: 39KB

.rdata Size: 7KB - Virtual size: 7KB

.data Size: 2KB - Virtual size: 51KB

.rsrc Size: 1024B - Virtual size: 1024B

.reloc Size: 1KB - Virtual size: 1KB

.text
Size: 39KB - Virtual size: 39KB

.rdata
Size: 7KB - Virtual size: 7KB

.data
Size: 2KB - Virtual size: 51KB

.rsrc
Size: 1024B - Virtual size: 1024B

.reloc
Size: 1KB - Virtual size: 1KB