0f7b0513c95d4e4b16d2323ce5ce8d6b_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

0f7b0513c95d4e4b16d2323ce5ce8d6b_JaffaCakes118
Size

43KB
MD5

0f7b0513c95d4e4b16d2323ce5ce8d6b
SHA1

93d07ac183daf5b7a3ef388a29d05083363ab539
SHA256

c72bf9b2631eff564f9b9c117667a274e113064b739e2e0163f2e674242d5b4a
SHA512

2c616ca0ab405c80167c4558e5367224c044386be901ddec89115e220795f8b136ff8f6b3022d307656d5119b9169933e28b9c49d42a5c7b45e1e25ab617e74a
SSDEEP

384:DBCzMTq7xvIe44S0WNCUwJhwyW17izqu+WRCTBWUNQsn8MV/Sy3YZMav3gnBRgy7:SQwf+uUT1NQUpS3FvyRgy9UK6OepG

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
0f7b0513c95d4e4b16d2323ce5ce8d6b_JaffaCakes118

Files

0f7b0513c95d4e4b16d2323ce5ce8d6b_JaffaCakes118
.exe windows:6 windows x86 arch:x86

67c73fb684d72feafdb809a7513de2e8

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

rasautou.pdb

Imports

advapi32

RegCloseKey
RegOpenKeyExW
RegQueryValueExA

kernel32

VirtualFree
VirtualAlloc
LocalFree
LocalAlloc
GetModuleHandleW
GetLastError
ExpandEnvironmentStringsW
MultiByteToWideChar
WideCharToMultiByte
ProcessIdToSessionId
GetCurrentProcessId
FreeLibrary
GetProcAddress
LoadLibraryW
HeapSetInformation
GetModuleFileNameW
DeactivateActCtx
ActivateActCtx
ReleaseActCtx
CreateActCtxW
UnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
GetSystemTimeAsFileTime
GetCurrentThreadId
GetTickCount
QueryPerformanceCounter
GetModuleHandleA
SetUnhandledExceptionFilter
InterlockedCompareExchange
Sleep
InterlockedExchange

msvcrt

_except_handler4_common
?terminate@@YAXXZ
__p__fmode
__p__commode
_adjust_fdiv
__setusermatherr
_amsg_exit
_initterm
_controlfp
_exit
_cexit
__wgetmainargs
exit
_stricmp
strstr
memset
_wcsicmp
printf
_vsnprintf
_XcptFilter
__set_app_type

ntdll

DbgPrint
NtClose
NtOpenFile
RtlInitUnicodeString
NtQuerySystemInformation

rasapi32

DwRasUninitialize
RasGetAutodialParamW
RasGetAutodialAddressW
RasEnumAutodialAddressesW

rasdlg

RasPhonebookDlgW
RasAutodialQueryDlgW
RasDialDlgW

tapi32

lineShutdown
lineGetTranslateCapsW
lineInitialize

ws2_32

WSAStartup

Sections

.text
Size: 10KB - Virtual size: 9KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 1024B - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 29KB - Virtual size: 30KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

67c73fb684d72feafdb809a7513de2e8

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

advapi32

kernel32

msvcrt

ntdll

rasapi32

rasdlg

tapi32

ws2_32

Sections

.text Size: 10KB - Virtual size: 9KB

.data Size: 1024B - Virtual size: 1KB

.rsrc Size: 2KB - Virtual size: 2KB

.reloc Size: 29KB - Virtual size: 30KB

.text
Size: 10KB - Virtual size: 9KB

.data
Size: 1024B - Virtual size: 1KB

.rsrc
Size: 2KB - Virtual size: 2KB

.reloc
Size: 29KB - Virtual size: 30KB