237e3dd13d811d21fcf6e41bd4226500_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

237e3dd13d811d21fcf6e41bd4226500_JaffaCakes118
Size

512KB
MD5

237e3dd13d811d21fcf6e41bd4226500
SHA1

07f4c50b8c3a7fda83cda707a0546d748090d706
SHA256

ce174862f4c73c6ece191a3a2ef0ee965b1b59c9907fbcc701adecbaef5540a8
SHA512

a9723dc7b2f03a989e496fdc0412337a170a8d9c868931f6840fb4b654ca01e886b1ceb6ab3198e060ed5cbfa156a4bea10af0f08c60a36980e3708061249626
SSDEEP

12288:DvcXZY0LwbhwEpjYX5afMu6AbqQLmWYYXj+B:Dv+RIpjYX5y6AbLwYT

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
237e3dd13d811d21fcf6e41bd4226500_JaffaCakes118

Files

237e3dd13d811d21fcf6e41bd4226500_JaffaCakes118
.exe windows:5 windows x86 arch:x86

b73b2a5742d430c0e9facd8ee6591646

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

userenv

DestroyEnvironmentBlock
EnterCriticalPolicySection
ExpandEnvironmentStringsForUserW
FreeGPOListW
GetAppliedGPOListW
CreateEnvironmentBlock
UnregisterGPNotification
RegisterGPNotification
LeaveCriticalPolicySection
GetProfilesDirectoryW

kernel32

_lclose
VirtualFree
VirtualAlloc
VerifyVersionInfoA
VerLanguageNameA
SetUnhandledExceptionFilter
SetLastError
SetFileAttributesW
CancelIo
CreateMutexA
EraseTape
ExitProcess
FileTimeToDosDateTime
FindFirstChangeNotificationW
GetACP
GetAtomNameA
GetCalendarInfoW
GetCommandLineA
GetComputerNameA
GetCurrentThreadId
GetMailslotInfo
GetPrivateProfileStringA
HeapAlloc
IsBadStringPtrA
IsDBCSLeadByte
OpenFileMappingW
OpenMutexA
Process32FirstW
ReadProcessMemory

crtdll

wcsxfrm
vfwprintf
strcmp
sqrt
isleadbyte
clock
atan
abs
_ultoa
_strnset
_ecvt
_execve
_exit
_filelength
_finite
_ftime
_mbctohira
_mbscmp
_mbscpy
_mbsnccnt
_rotr
_stat
wctomb

rpcrt4

MesIncrementalHandleReset
RpcBindingFromStringBindingA
RpcBindingServerFromClient
tree_peek_ndr

version

VerFindFileW
GetFileVersionInfoW
GetFileVersionInfoSizeW
GetFileVersionInfoA
VerInstallFileA

ntdll

ZwQueryDefaultUILanguage
ZwOpenThreadToken
RtlTryEnterCriticalSection
RtlOemToUnicodeN
RtlNtStatusToDosError
NtWriteFile
NtQueryInformationFile
NtNotifyChangeKey
NtGetPlugPlayEvent

Exports

Exports

Lqctkyi
Suttnuzjcclkx
Sxmvcno
WLTRc
WpGrGdUmtghBwCik
affIxbtVoxqg
basffpitWThokctxy
iqRRRwpAsgjhKy
kmmmtxlcoSwWgdAyz
opgrqonvi
oxbijEzyvhs
pqtVuanpp
sqxktBchqym
tkwobigsyyci
xqkOwtkjkoXl
zzlxaitoFniirkh

Sections

.text
Size: 36KB - Virtual size: 35KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 449KB - Virtual size: 451KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 26KB - Virtual size: 26KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

b73b2a5742d430c0e9facd8ee6591646

Headers

File Characteristics

Imports

userenv

kernel32

crtdll

rpcrt4

version

ntdll

Exports

Exports

Sections

.text Size: 36KB - Virtual size: 35KB

.data Size: 449KB - Virtual size: 451KB

.rsrc Size: 26KB - Virtual size: 26KB

.text
Size: 36KB - Virtual size: 35KB

.data
Size: 449KB - Virtual size: 451KB

.rsrc
Size: 26KB - Virtual size: 26KB