174d8f68f85cdfdfe5192eab7b4776a0_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

174d8f68f85cdfdfe5192eab7b4776a0_JaffaCakes118
Size

849KB
MD5

174d8f68f85cdfdfe5192eab7b4776a0
SHA1

00b2115a15c54393524db0edd5257fbb911e5643
SHA256

06fbd556792f8911099138d49abf51e990908018db0c5a5ed0027b373d76ab8f
SHA512

0baedad0ccb6c6bc99766b6ac2a53893562bc2d4109facaec2cb0831ecac3f1d8fb87d1fd3f5958a3cdf024c38e4a1f4b18760be9f01aeb520afe97e688152f6
SSDEEP

24576:7pPFO8Z5wnZ5ACYA+kP2TF7ebjoHCI7b+nrgrfBtigNCtl:W8Z8sCYA+EOgnCa

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
174d8f68f85cdfdfe5192eab7b4776a0_JaffaCakes118

Files

174d8f68f85cdfdfe5192eab7b4776a0_JaffaCakes118
.exe windows:5 windows x86 arch:x86

207329a9e1d07957861e28ea8a77f83a

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

mscms

InternalGetPS2PreviewCRD
GetColorDirectoryA
GetColorProfileElement
UnregisterCMMW
InternalGetPS2ColorRenderingDictionary
GetNamedProfileInfo
CreateProfileFromLogColorSpaceA
GetCountColorProfileElements
GetCMMInfo
InternalGetDeviceConfig
CloseColorProfile
GetColorProfileHeader
TranslateColors
CreateColorTransformW
RegisterCMMW
DisassociateColorProfileFromDeviceA
SetColorProfileElementReference
ConvertIndexToColorName
UninstallColorProfileA
UninstallColorProfileW

kernel32

GetOverlappedResult
SetConsoleTitleA
IsValidCodePage
LeaveCriticalSection
RtlUnwind
GetVolumePathNameA
QueryInformationJobObject
GetConsoleAliasExesA
GetPrivateProfileStringW
LoadLibraryA
CreateDirectoryExA
ReplaceFileA
GetShortPathNameW
CmdBatNotification
GetTickCount
GetHandleContext
VirtualAlloc
GetExitCodeThread
DebugBreak
GetFirmwareEnvironmentVariableW
SetThreadPriority
AddConsoleAliasA
LZOpenFileA
SetCommMask

crtdll

_mbsrev
_strdec
_CIpow
qsort
_mbctolower
_write
asin
_rotr
printf
rand
_strrev
_tzname
_mkdir
_cprintf
_get_osfhandle
isspace
_setjmp
_mbsspnp
_mbctohira
strstr

gdi32

GdiPlayDCScript
RemoveFontResourceExA
bInitSystemAndFontsDirectoriesW
SetTextJustification
GetWindowExtEx
PolylineTo
RemoveFontResourceA
GetMiterLimit
SetColorAdjustment
AddFontResourceA
EnumFontFamiliesExA
GdiReleaseDC
GdiGetLocalBrush
StartFormPage
EngFreeModule
DPtoLP
PtVisible
NamedEscape
GetGraphicsMode
CreateRectRgn
GetBrushAttributes
GetTextAlign
EngCheckAbort
RoundRect
GetWinMetaFileBits

mapi32

MAPIFreeBuffer@4
UNKOBJ_ScAllocateMore@16
ScUNCFromLocalPath@12
PpropFindProp@12
ScCountNotifications@12
MNLS_lstrcpyW@8
MAPIInitialize@4
GetTnefStreamCodepage
BMAPIAddress
ScDupPropset@16
GetOutlookVersion@0
ScMAPIXFromCMC
BuildDisplayTable@40
LpValFindProp@12
HrDecomposeMsgID@24
UNKOBJ_ScSzFromIdsAlloc@20

Sections

.text
Size: 733KB - Virtual size: 733KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 107KB - Virtual size: 107KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 1.4MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

207329a9e1d07957861e28ea8a77f83a

Headers

DLL Characteristics

File Characteristics

Imports

mscms

kernel32

crtdll

gdi32

mapi32

Sections

.text Size: 733KB - Virtual size: 733KB

.rdata Size: 107KB - Virtual size: 107KB

.data Size: 4KB - Virtual size: 1.4MB

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 1KB - Virtual size: 1KB

.text
Size: 733KB - Virtual size: 733KB

.rdata
Size: 107KB - Virtual size: 107KB

.data
Size: 4KB - Virtual size: 1.4MB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 1KB - Virtual size: 1KB