0da4d11735d572322c1b672a6c5111d9_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

0da4d11735d572322c1b672a6c5111d9_JaffaCakes118
Size

84KB
MD5

0da4d11735d572322c1b672a6c5111d9
SHA1

3852b6a8563102d9665f8e309ea4d3d227b2aeec
SHA256

160424e1a7c343bfcf95111f98787d663bf737a5ac550d5b5f1372f59d9235bd
SHA512

2a594340d16e27c4e53784926fa0cd6f44662ea9d26bc05229390c70f5113576db8b500d6331430dfa764930de55e3d869e172b95052c82d1d43116d6d7dde80
SSDEEP

1536:yZE1Keqpc7DpSx0LWM7YG67yDk/OBPgQwJtvFJRU4Yh:iE1KFpcpSxKYG6tGB45bvXy4Y

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
0da4d11735d572322c1b672a6c5111d9_JaffaCakes118

Files

0da4d11735d572322c1b672a6c5111d9_JaffaCakes118
.exe windows:5 windows x86 arch:x86

c4792de788e5ed0bcbc021fdf46c32a5

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

CmdBatNotification
GetSystemTimeAsFileTime
VirtualAlloc
GetCommConfig
IsBadCodePtr
OpenFileMappingW
GetTickCount
GetNumaNodeProcessorMask
QueryPerformanceCounter
LoadLibraryA
EnumSystemCodePagesW
EnumSystemGeoID
HeapCreate
FatalAppExitW
GetCurrentThreadId
GetTimeFormatW
GetProcessIoCounters
GetCurrentProcessId
GlobalUnfix
VerLanguageNameW
GetStartupInfoA

msvcrt40

wcstod
labs
_yn
sin
iswgraph
iswpunct
pow
_mbsncmp
_mbsnbcnt
??4bad_typeid@@QAEAAV0@ABV0@@Z
_adj_fdivr_m32i
??0ifstream@@QAE@H@Z
__p__wpgmptr
fwprintf
strcspn
_winver
_spawnlp

ntdll

ZwImpersonateThread
ZwMakeTemporaryObject
RtlCreateActivationContext
ZwFsControlFile
ZwLoadKey2
RtlDosApplyFileIsolationRedirection_Ustr
NtQueryBootOptions
RtlDeactivateActivationContextUnsafeFast
RtlRegisterWait
ZwOpenEventPair
NtAllocateLocallyUniqueId
ZwQuerySystemInformation
NtDuplicateToken
NtCreateFile

expsrv

__vbaUI1Str
__vbaFreeStr
__vbaRecDestruct
rtcMonthName
rtcDoEvents
rtcIMEStatus
rtcBstrFromAnsi
__vbaGet4
__vbaGosub
_adj_fdivr_m16i
__vbaVarTextLike
__vbaFileCloseAll
__vbaCyI2
__vbaVarTextTstEq
__vbaVarErrI4
__vbaObjSet

gdi32

GetCharWidthFloatW
DdEntry7
LineTo
GetTextAlign
EngLineTo
DdEntry19
FONTOBJ_pxoGetXform
GdiGetCharDimensions
SetEnhMetaFileBits
AddFontResourceExW
Escape
CloseMetaFile

Sections

.text
Size: 29KB - Virtual size: 29KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 30KB - Virtual size: 40KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 20KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 228B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

c4792de788e5ed0bcbc021fdf46c32a5

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

msvcrt40

ntdll

expsrv

gdi32

Sections

.text Size: 29KB - Virtual size: 29KB

.rdata Size: 2KB - Virtual size: 2KB

.data Size: 30KB - Virtual size: 40KB

.rsrc Size: 20KB - Virtual size: 20KB

.reloc Size: 512B - Virtual size: 228B

.text
Size: 29KB - Virtual size: 29KB

.rdata
Size: 2KB - Virtual size: 2KB

.data
Size: 30KB - Virtual size: 40KB

.rsrc
Size: 20KB - Virtual size: 20KB

.reloc
Size: 512B - Virtual size: 228B