0cd4baaa71e4779dbb2793e9ea489691_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

0cd4baaa71e4779dbb2793e9ea489691_JaffaCakes118
Size

432KB
MD5

0cd4baaa71e4779dbb2793e9ea489691
SHA1

d57b6a65f6882d43ea9c01d90e685c0fd12bedc2
SHA256

a8f7bfdd2bc1848727b8c6d759f6d9e1a846eb90dd5b1886fe5c089892ed425f
SHA512

133c2055dd5c993650cfd44fa6e7ab3ee4d6069b9167956327eb8238ea9ad5f03730cc382f6b8d71bfb544bcd21376fcec1d8a0b7f18f1d01ef1d7bab536a802
SSDEEP

12288:57Ecb/3fs1fk7NmtPmMWm8erUVMnxwIvW:bb/ENkstPN8erUVMnGIvW

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
0cd4baaa71e4779dbb2793e9ea489691_JaffaCakes118

Files

0cd4baaa71e4779dbb2793e9ea489691_JaffaCakes118
.exe windows:4 windows x86 arch:x86

818acc8541d0ab475362b95f869f0024

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

ntdll

NtCancelTimer
wcsstr
NtWriteFileGather
RtlNewSecurityObject
wcslen
NtClose
NtOpenFile
RtlCutoverTimeToSystemTime
ZwClose
_wcslwr

mtxclu

MtxCluGetComputerNameW
MtxCluGetDTCVirtualServerNameW
MtxCluGetDTCStatusW
MtxCluIsClusterPresentExW
MtxCluIsClusterPresent
MtxCluIsSameNodeW
MtxCluBringOnlineDTCW

usp10

ScriptGetFontProperties
ScriptStringFree
ScriptStringAnalyse
ScriptGetProperties
ScriptStringGetLogicalWidths
LpkPresent
ScriptIsComplex
UspAllocCache
ScriptStringGetOrder
UspFreeMem
ScriptRecordDigitSubstitution

mprapi

MprAdminConnectionEnum
MprAdminInterfaceSetInfo
MprInfoBlockAdd
MprAdminServerDisconnect
MprConfigBufferFree
MprAdminInterfaceDisconnect
MprAdminInterfaceTransportAdd
MprInfoBlockRemove
MprConfigGetGuidName
MprConfigInterfaceCreate
MprAdminServerConnect
MprAdminUserSetInfo
MprConfigServerConnect
MprConfigInterfaceTransportSetInfo
MprInfoDelete
MprAdminMIBEntryGetNext
MprAdminMIBEntryGet
MprAdminMIBBufferFree
MprAdminInterfaceTransportSetInfo

msvcrt

__p__commode
__p__osver
rand
_fstati64
setbuf
__p__iob
iswspace
__p__fmode
difftime
_access
_mktemp

user32

GetDC
SetForegroundWindow
DdeQueryStringA
VkKeyScanW
GetMenu
GetSystemMetrics
GetFocus
LoadCursorW
SetUserObjectSecurity
OpenInputDesktop
EnumDisplaySettingsW
UpdateLayeredWindow
LoadStringW
GetDesktopWindow
DispatchMessageA
wsprintfA

kernel32

GetCurrentProcess
GetCommMask
GetCurrentProcessId
GetACP
GetFileTime
GetLastError
GlobalGetAtomNameA
GetCurrentThreadId
GetCommandLineW
GetTickCount
Sleep
GetModuleHandleW
ExitProcess
PostQueuedCompletionStatus
GetCommandLineA
GetVersion
GetCurrentThread
GetModuleHandleA
EnumTimeFormatsW
WaitCommEvent
SetConsoleCP
CreateMailslotW
OpenEventA
CreateIoCompletionPort
GetProcessHeap
GetEnvironmentVariableW
VirtualAlloc
GetNamedPipeInfo

Sections

.text
Size: 11KB - Virtual size: 10KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.edata
Size: - Virtual size: 453KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 2.9MB - Virtual size: 5.5MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: - Virtual size: 3KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

DATA
Size: 512B - Virtual size: 24B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 99KB - Virtual size: 100KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

818acc8541d0ab475362b95f869f0024

Headers

File Characteristics

Imports

ntdll

mtxclu

usp10

mprapi

msvcrt

user32

kernel32

Sections

.text Size: 11KB - Virtual size: 10KB

.edata Size: - Virtual size: 453KB

.idata Size: 2.9MB - Virtual size: 5.5MB

.tls Size: - Virtual size: 3KB

DATA Size: 512B - Virtual size: 24B

.rsrc Size: 99KB - Virtual size: 100KB

.text
Size: 11KB - Virtual size: 10KB

.edata
Size: - Virtual size: 453KB

.idata
Size: 2.9MB - Virtual size: 5.5MB

.tls
Size: - Virtual size: 3KB

DATA
Size: 512B - Virtual size: 24B

.rsrc
Size: 99KB - Virtual size: 100KB