20da4645a1af441d7dfb92e975f2b0b8_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

20da4645a1af441d7dfb92e975f2b0b8_JaffaCakes118
Size

643KB
MD5

20da4645a1af441d7dfb92e975f2b0b8
SHA1

0db0c5ac595489a30fca48020fd5a5158b632854
SHA256

1287985c23f4cbfbae10061b727a0673bed2ac6a333ed1a213d9fe8fec0868e8
SHA512

b9ab9a18d361caaa6aee18e35fa3ee945aee877df405aef30aa3aef12aa5471be0ac0adea85493a16ba13da4bebad313245f40e7743ba0464509dc6d63d6567f
SSDEEP

12288:gzYw1PkLX8qx/XklDxsaamQ1MXiqCjV+tVs99QHkSOUXrdQR/:gz92LklOmvXWjx8O5

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
20da4645a1af441d7dfb92e975f2b0b8_JaffaCakes118

Files

20da4645a1af441d7dfb92e975f2b0b8_JaffaCakes118
.exe windows:5 windows x86 arch:x86

22e8fc0346fb48181910c817aa956b09

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

winsta

_WinStationBeepOpen
_WinStationShadowTargetSetup
_WinStationBreakPoint
WinStationQueryLicense
WinStationGetLanAdapterNameA
WinStationConnectCallback
WinStationQueryLogonCredentialsW
WinStationEnumerateA
ServerLicensingOpenW
WinStationGetTermSrvCountersValue
WinStationSetInformationW
WinStationGenerateLicense
WinStationShadow
_WinStationUpdateUserConfig
WinStationEnumerateProcesses
ServerLicensingClose
WinStationCloseServer

kernel32

DeleteCriticalSection
GetFullPathNameW
CancelTimerQueueTimer
SetCommState
GetCurrentConsoleFont
VirtualAlloc
LZOpenFileA
SetNamedPipeHandleState
CreateDirectoryW
HeapReAlloc
WriteProcessMemory
CreateProcessA
ExitProcess
CreateJobObjectA
GetCompressedFileSizeW
GetComPlusPackageInstallStatus
CloseHandle
ReleaseActCtx

opengl32

glCopyTexSubImage2D
glEdgeFlagPointer
glNormal3b
glColor4b
glVertex4s
glStencilOp
glTexCoord2iv
glMultMatrixd
glLoadMatrixd
glTexCoord2sv
glRasterPos3fv
glPixelMapfv

mpr

WNetOpenEnumW
WNetFormatNetworkNameW
MultinetGetErrorTextA
WNetGetLastErrorA
WNetGetNetworkInformationW
WNetDisconnectDialog2
MultinetGetConnectionPerformanceW
WNetCancelConnectionA
WNetConnectionDialog2
WNetSetConnectionA
WNetPasswordChangeNotify
WNetSetLastErrorA
WNetOpenEnumA
WNetGetConnection3A

msvcrt20

?close@ifstream@@QAEXXZ
_tcschr
strtol
wcscmp
?setlock@streambuf@@QAEXXZ
_mbscoll
?getline@istream@@QAEAAV1@PAEHD@Z
_wtoi
_ismbbkpunct
_locking
_tclen
??_Gstreambuf@@UAEPAXI@Z
_pipe
_mbscspn
__iscsym
localeconv
??_Gstdiostream@@UAEPAXI@Z

user32

GetParent
GetMenu
GetWindowDC

Sections

.text
Size: 319KB - Virtual size: 318KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 132KB - Virtual size: 132KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.idat_00
Size: 185KB - Virtual size: 260KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

22e8fc0346fb48181910c817aa956b09

Headers

DLL Characteristics

File Characteristics

Imports

winsta

kernel32

opengl32

mpr

msvcrt20

user32

Sections

.text Size: 319KB - Virtual size: 318KB

.rdata Size: 132KB - Virtual size: 132KB

.idat_00 Size: 185KB - Virtual size: 260KB

.rsrc Size: 5KB - Virtual size: 4KB

.text
Size: 319KB - Virtual size: 318KB

.rdata
Size: 132KB - Virtual size: 132KB

.idat_00
Size: 185KB - Virtual size: 260KB

.rsrc
Size: 5KB - Virtual size: 4KB