26d4ea1cb3f6cf50e9bd74b7c2a43ea7_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

26d4ea1cb3f6cf50e9bd74b7c2a43ea7_JaffaCakes118
Size

130KB
MD5

26d4ea1cb3f6cf50e9bd74b7c2a43ea7
SHA1

9e818087e76615e6e54f7013790227d382c82763
SHA256

ff791a77ac77c1d3866c9ec79b3d37558e8299f036b45342a382931f0056fc92
SHA512

aa456ba38a654377fdaa544b2e4addcf15099a553a5d95498c1f05f105cc43ab169d670e948a26aeb527a2f5c12d86203dbea0939ee5dc070229cf12f0f9b22a
SSDEEP

3072:YwTO0cfShcmGJgSqP8sy1aCkIuqk72wFz+cANqh8kDyGYkW:/TkBmoGP8X1aCkKk73Fz+MDyG3

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
26d4ea1cb3f6cf50e9bd74b7c2a43ea7_JaffaCakes118

Files

26d4ea1cb3f6cf50e9bd74b7c2a43ea7_JaffaCakes118
.exe windows:5 windows x86 arch:x86

75c018b54836e53adfea84a3d545fd65

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

atl

AtlAxCreateControl
AtlModuleTerm
AtlModuleRevokeClassObjects
AtlIPersistStreamInit_Load
AtlWaitWithMessageLoop
AtlAxCreateDialogA
AtlModuleRegisterClassObjects
AtlPixelToHiMetric
AtlGetVersion
AtlRegisterClassCategoriesHelper
AtlSetErrorInfo
AtlComQIPtrAssign
AtlUnmarshalPtr
AtlModuleExtractCreateWndData
AtlAdvise

kernel32

SetThreadPriority
CancelWaitableTimer
LoadLibraryA
GlobalMemoryStatus
GetCPInfo
GetStartupInfoA
GetWindowsDirectoryW
VerifyVersionInfoW
ExitProcess
GetShortPathNameW
BuildCommDCBW
VirtualAlloc
SetConsoleCtrlHandler
SetThreadContext
Toolhelp32ReadProcessMemory
WriteConsoleInputA
SuspendThread
ResetEvent
BaseCheckAppcompatCache
SetFilePointer
DosPathToSessionPathA
GetSystemTimeAsFileTime
GetUserGeoID
lstrcpynA
GetTickCount
IsDBCSLeadByteEx
WritePrivateProfileSectionW
lstrcmpA
FoldStringA

utildll

CompareElapsedTime
StrSystemWaitReason
WinEnumerateDevices
ParseDecoratedAsyncDeviceName
AsyncDeviceEnumerate
StrAsyncConnectState
GetSystemMessageW
IsPartOfDomain
StrConnectState
ConfigureModem
FormDecoratedAsyncDeviceName
CalculateElapsedTime
CalculateDiffTime
StrProcessState
EnumerateMultiUserServers
TestUserForAdmin
CachedGetUserFromSid
StandardErrorMessage
GetSystemMessageA
CtxGetAnyDCName
QueryCurrentWinStation
NetworkDeviceEnumerate

ntdll

RtlPopFrame
NtSetSystemEnvironmentValue
ZwOpenTimer
RtlIdentifierAuthoritySid
ZwShutdownSystem
NtSignalAndWaitForSingleObject
RtlDecompressBuffer
ZwReplyWaitReceivePort
iscntrl
RtlCreateUserSecurityObject
RtlGetLastWin32Error
RtlComputePrivatizedDllName_U
RtlSetCurrentEnvironment
NtCancelIoFile
NtDisplayString
LdrLoadAlternateResourceModule
ZwMakePermanentObject
wcslen
RtlGetCallersAddress

Sections

.text
Size: 51KB - Virtual size: 50KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 73KB - Virtual size: 204KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 456B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

75c018b54836e53adfea84a3d545fd65

Headers

DLL Characteristics

File Characteristics

Imports

atl

kernel32

utildll

ntdll

Sections

.text Size: 51KB - Virtual size: 50KB

.rdata Size: 3KB - Virtual size: 2KB

.data Size: 73KB - Virtual size: 204KB

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 512B - Virtual size: 456B

.text
Size: 51KB - Virtual size: 50KB

.rdata
Size: 3KB - Virtual size: 2KB

.data
Size: 73KB - Virtual size: 204KB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 512B - Virtual size: 456B