102e1750120708148acf7230b6b2ceb2_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

102e1750120708148acf7230b6b2ceb2_JaffaCakes118
Size

132KB
MD5

102e1750120708148acf7230b6b2ceb2
SHA1

3f52228d37b44817572cd8a128ab68eed1bf6e23
SHA256

1eda441d69497e6fa700f0936b36ed7c01ad331b8634837212347d1fe6f8bf8e
SHA512

ba2fe82ca0c7f70d45a774e184751cf7ee7cb60171470d6793ea1627897f71eacb02f5ce836fdcadfe2027edc9ff3492b4a5a452fe543e14b1ecbf31fd749db4
SSDEEP

3072:WjLxhc+IlODqQ0jrjSRT2SKR6bZPVmatDoNHkUwGCXRKTUyO:R1ID+vjSRiXRQbhDsEUP4J

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
102e1750120708148acf7230b6b2ceb2_JaffaCakes118

Files

102e1750120708148acf7230b6b2ceb2_JaffaCakes118
.exe windows:5 windows x86 arch:x86

17cc0817494cb75afae8008aa0d8d63f

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

ieakeng

GetAdmWindowHandle
GetFavoritesNumber
ProcessFavSelChange
SaveADMItem
ShowADMWindow
SelectADMItem
CheckForDupKeys
ModifyAuthCode
CanDeleteADM
BToolbar_Edit
GetFavoritesMaxNumber
CreateADMWindow
DoReboot
BToolbar_Remove
ShowInetcpl
ModifyZones
IsFavoriteItem
BuildPalette
DisplayADMItem
ModifyRatings
MoveDownFavorite
MoveADMWindow
ErrorMessageBox

kernel32

SetLastError
GetStartupInfoA
WaitCommEvent
QueryDepthSList
SetSystemPowerState
SetTapePosition
DeleteVolumeMountPointA
LCMapStringW
ReadConsoleOutputCharacterW
SetCommState
WriteProfileSectionW
Module32FirstW
SetConsoleOS2OemFormat
EnumLanguageGroupLocalesA
LoadLibraryA
SetConsoleNumberOfCommandsW
GlobalAlloc
GlobalUnfix
GetNextVDMCommand
AddRefActCtx
SetEvent
GetConsoleInputWaitHandle
VirtualAlloc

user32

EnumDisplayDevicesW
GetCursorInfo
WinHelpW
IMPGetIMEA
SetCursorPos
TranslateAcceleratorW
MessageBeep
SendDlgItemMessageA
CopyAcceleratorTableA
DrawCaption
OpenIcon
UnhookWindowsHookEx
CreateAcceleratorTableA
ChangeDisplaySettingsA
LoadIconW
CreateAcceleratorTableW
GetMessageW
EnumDisplaySettingsExA
FillRect
DeleteMenu
CharToOemA
CreateWindowStationW
DrawTextExA

ntdll

NtDuplicateObject
ispunct
ZwOpenSemaphore
RtlApplicationVerifierStop
RtlUnhandledExceptionFilter
ZwQueryEvent
RtlCreateBootStatusDataFile
NtSetDefaultUILanguage
_vsnprintf
NtOpenSemaphore
ZwQueryAttributesFile
__isascii
NtPulseEvent
RtlExtendedLargeIntegerDivide
NtSystemDebugControl
cos
ZwImpersonateThread
ZwAdjustGroupsToken
ZwLoadKey2
NtLoadDriver
ZwSetQuotaInformationFile
RtlCompactHeap
NtSuspendThread
_alldiv
RtlGetProcessHeaps
KiUserCallbackDispatcher
ZwFsControlFile
ZwSetThreadExecutionState
RtlSetGroupSecurityDescriptor
NtStartProfile
RtlCopySid
NtReadVirtualMemory
ZwCreateKeyedEvent
NtSetSystemTime
atoi
RtlSetTimeZoneInformation
RtlMapSecurityErrorToNtStatus
strncat
RtlVerifyVersionInfo

webclnt

DavClose
ServiceMain
DavInit
SvchostPushServiceGlobals

Sections

.text
Size: 31KB - Virtual size: 30KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

Size: 38KB - Virtual size: 38KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 60KB - Virtual size: 220KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 148B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

17cc0817494cb75afae8008aa0d8d63f

Headers

DLL Characteristics

File Characteristics

Imports

ieakeng

kernel32

user32

ntdll

webclnt

Sections

.text Size: 31KB - Virtual size: 30KB

Size: 38KB - Virtual size: 38KB

.data Size: 60KB - Virtual size: 220KB

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 512B - Virtual size: 148B

.text
Size: 31KB - Virtual size: 30KB

.data
Size: 60KB - Virtual size: 220KB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 512B - Virtual size: 148B