10459782035ff1891b47b1b6cedd8817_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

10459782035ff1891b47b1b6cedd8817_JaffaCakes118
Size

162KB
MD5

10459782035ff1891b47b1b6cedd8817
SHA1

6bf2fcae10e91ec1514a99e26a15cb653a93c5da
SHA256

058f737121ad3decfbad5f74c4fb7ab4b391ff56c8d5673867df03703eb77302
SHA512

9df8e486073c604f90e26537e0ff1b0ddc17338f23073022edee38880d2b42e449111a7226a4a37d6c8b6400aa0f37923de2fd26b19ded4caf1384b52804763b
SSDEEP

3072:lkVsrEbPXUQ7yL0jShqIfySPZIRNq7ZV3AMTtHpul+hWrJcd8T:lkVNPEUjOCSacZiMxJul9cd8

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
10459782035ff1891b47b1b6cedd8817_JaffaCakes118

Files

10459782035ff1891b47b1b6cedd8817_JaffaCakes118
.exe windows:5 windows x86 arch:x86

c89f326802c59ddab90bebf6ff1a024c

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

user32

SetMenuItemInfoA
CreateDialogIndirectParamAorW
FillRect
GetWinStationInfo
ToAsciiEx
GetWindowContextHelpId
DefMDIChildProcA
RegisterDeviceNotificationW
ReasonCodeNeedsComment
wsprintfA
LoadCursorFromFileW
SetWindowsHookExA
LoadMenuIndirectW
DrawTextExW
DdeKeepStringHandle
CheckRadioButton
OpenIcon
IsCharUpperA
LoadIconA
CreateAcceleratorTableA
ScrollWindow
GetSysColorBrush
IsHungAppWindow
WindowFromDC
MsgWaitForMultipleObjectsEx
GetShellWindow
GetWindowModuleFileNameW
EnumThreadWindows
GetWindowModuleFileNameA
DialogBoxParamW
InsertMenuItemA
DragDetect
SetCursorPos
RealGetWindowClassW
BroadcastSystemMessage
GetAsyncKeyState
LoadMenuIndirectA
MessageBeep

kernel32

FlushFileBuffers
PostQueuedCompletionStatus
LoadLibraryA
GetConsoleCommandHistoryA
GetUserDefaultLCID
GetProfileIntW
LoadResource
CancelWaitableTimer
SetStdHandle
EnumTimeFormatsW
ConnectNamedPipe
LoadLibraryExW
EnterCriticalSection
IsValidLocale
WriteConsoleOutputCharacterW
VirtualQueryEx
IsBadStringPtrW
GetConsoleHardwareState
IsBadHugeReadPtr
LeaveCriticalSection
GetLogicalDriveStringsW
ClearCommBreak
GetFileSize
CreateEventA
GetPrivateProfileSectionNamesW
VirtualAlloc
GlobalFree
RemoveLocalAlternateComputerNameA
WriteConsoleOutputCharacterA
InterlockedPopEntrySList
BaseDumpAppcompatCache
GlobalLock
GlobalAddAtomW
GetFirmwareEnvironmentVariableW
GetNumberOfConsoleMouseButtons
GetSystemDefaultLCID
IsValidCodePage
IsDebuggerPresent
LZStart
SetConsoleMenuClose
WriteConsoleA

msacm32

acmStreamPrepareHeader
acmStreamClose
acmFormatTagDetailsW
acmStreamSize
acmDriverDetailsW
acmFilterTagDetailsW
acmStreamConvert
acmStreamMessage
acmStreamReset
acmFormatChooseA
acmFormatSuggest
acmFormatDetailsW
acmDriverRemove
acmFilterTagEnumW
acmFormatTagEnumA
acmFormatChooseW
acmDriverAddA
acmFilterDetailsW
acmStreamOpen
acmStreamUnprepareHeader
acmDriverClose
acmDriverDetailsA
acmFormatTagEnumW
acmDriverAddW
acmFormatEnumA
acmDriverPriority
acmFormatEnumW
acmGetVersion
acmDriverOpen
acmMetrics
acmFormatTagDetailsA
acmFilterEnumA
acmFilterDetailsA
acmFilterChooseW
XRegThunkEntry
acmDriverEnum
acmMessage32
acmFormatDetailsA

crtdll

_ltoa
_heapchk
acos
asctime
_itoa
_putenv
_spawnve
malloc
_mbsnbcpy
_execl
_fputwchar
sqrt
_timezone_dll
_dup
_putch
time
_aexit_rtn_dll
_control87
fscanf
_chgsign
_matherr
_ismbbalnum
_mbsncpy
tan
_CIatan2
strncmp
_CIcos

dhcpcsvc

DhcpAcquireParameters
DhcpLeaseIpAddressEx
DhcpUndoRequestParams
DhcpRegisterParamChange
DhcpNotifyConfigChange
McastApiCleanup
DhcpLeaseIpAddress
DhcpRequestParams
DhcpRenewIpAddressLease
DhcpPersistentRequestParams
DhcpOpenGlobalEvent
DhcpRequestOptions
DhcpCApiInitialize
DhcpRenewIpAddressLeaseEx
DhcpEnumClasses
DhcpReleaseIpAddressLease
DhcpDeRegisterParamChange
McastRequestAddress
McastGenUID
DhcpStaticRefreshParams
DhcpNotifyConfigChangeEx
McastEnumerateScopes
DhcpDeRegisterOptions
McastApiStartup
DhcpHandlePnPEvent
DhcpReleaseParameters
DhcpReleaseIpAddressLeaseEx
DhcpCApiCleanup
DhcpFallbackRefreshParams
DhcpRemoveDNSRegistrations
DhcpRegisterOptions
DhcpAcquireParametersByBroadcast
McastRenewAddress
McastReleaseAddress

lz32

LZCloseFile
LZDone
LZInit
LZOpenFileW
LZStart
LZRead
LZSeek
GetExpandedNameA
LZCopy
CopyLZFile
LZClose
LZOpenFileA

Sections

.text
Size: 90KB - Virtual size: 90KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 55KB - Virtual size: 55KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 211KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

c89f326802c59ddab90bebf6ff1a024c

Headers

DLL Characteristics

File Characteristics

Imports

user32

kernel32

msacm32

crtdll

dhcpcsvc

lz32

Sections

.text Size: 90KB - Virtual size: 90KB

.rdata Size: 55KB - Virtual size: 55KB

.data Size: 12KB - Virtual size: 211KB

.rsrc Size: 2KB - Virtual size: 2KB

.reloc Size: 1KB - Virtual size: 1KB

.text
Size: 90KB - Virtual size: 90KB

.rdata
Size: 55KB - Virtual size: 55KB

.data
Size: 12KB - Virtual size: 211KB

.rsrc
Size: 2KB - Virtual size: 2KB

.reloc
Size: 1KB - Virtual size: 1KB