29edea0f1cdb9deef2c1c1f068b4563d_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

29edea0f1cdb9deef2c1c1f068b4563d_JaffaCakes118
Size

573KB
MD5

29edea0f1cdb9deef2c1c1f068b4563d
SHA1

5a52ab02b2c240dcafe2f3b6c6efc148b53eccd5
SHA256

57b201ede1306d68d7dbfe64e7583cfd7741987ca4c50f3c53cb069f50b42648
SHA512

bc1429f7c1888b6a41440d7a9506d8d6f2e994d95c57e14f3ece6308d1645659288957ed8fa20fe0e9a80e29a959b9db5d06fc90b59bdf0f1bcc6b9f7fc6897e
SSDEEP

12288:+9DawQbgWAEfZPHk3q/rffLpcEpg1cqJP9DsX5s6mDaaa:+9DLQb5AEhPEajfzpcOIcqd9DsX5sbZ

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
29edea0f1cdb9deef2c1c1f068b4563d_JaffaCakes118

Files

29edea0f1cdb9deef2c1c1f068b4563d_JaffaCakes118
.exe windows:5 windows x86 arch:x86

c8f9c834de33c15b5df418af5b8a7cd6

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

crtdll

wscanf
wcsrchr
sin
localtime
isalnum
fputc
_rmtmp
_ismbblead
_finite
_fileno
_exit
_c_exit

version

VerQueryValueW
GetFileVersionInfoSizeA
GetFileVersionInfoA

rpcrt4

double_from_ndr
RpcSmClientFree
RpcServerTestCancel
RpcMgmtStatsVectorFree
RpcMgmtSetComTimeout
RpcMgmtEpEltInqDone
RpcBindingSetAuthInfoExA
MesInqProcEncodingId
DceErrorInqTextA

ntdll

ZwOpenIoCompletion
ZwDeleteAtom
RtlSetTimer
RtlSetAttributesSecurityDescriptor
RtlPrefixString
RtlNtStatusToDosError
NtSetLowWaitHighEventPair
NtLoadKey2
NtEnumerateValueKey
NtAllocateUuids
CsrFreeCaptureBuffer
RtlAddAuditAccessAce

kernel32

SetCommState
CompareFileTime
ExitProcess
FindFirstChangeNotificationW
FindFirstFileExW
FindNextChangeNotification
GetACP
GetCPInfoExW
GetCommandLineA
GetDriveTypeW
GetTapeParameters
GlobalMemoryStatus
HeapAlloc
lstrcpyA
WaitForMultipleObjectsEx
VirtualFree
VirtualAlloc
VerLanguageNameW
VerLanguageNameA
TlsSetValue
SetWaitableTimer
SetUnhandledExceptionFilter
SetThreadPriorityBoost
SetThreadLocale
SetThreadAffinityMask
SetLastError
OpenSemaphoreW
OpenMutexW
MultiByteToWideChar
LocalAlloc
LeaveCriticalSection
BeginUpdateResourceW

userenv

UnregisterGPNotification
RegisterGPNotification
LeaveCriticalPolicySection
CreateEnvironmentBlock
DestroyEnvironmentBlock
EnterCriticalPolicySection
ExpandEnvironmentStringsForUserW
FreeGPOListW
GetAppliedGPOListW
GetProfilesDirectoryW

Exports

Exports

BRnrnzlfhUPtU
DlgeRgva
EmaWeo
fcedGvrxhujszqexEd
hnppntvrirpCat
jbgNukyqj
jgtAQhoXatrwxqduvbA
kbtGVFtcycZgBo
krgjmvic
mxPjrcwfohcvthGu
sjgffj
tspgjkAbYldwEj
usRbfdgkGlcYwYSh
woebXvSCpUjdp
xklrt
ynvjpgbMyHi

Sections

.text
Size: 35KB - Virtual size: 35KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 505KB - Virtual size: 507KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 31KB - Virtual size: 30KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

c8f9c834de33c15b5df418af5b8a7cd6

Headers

File Characteristics

Imports

crtdll

version

rpcrt4

ntdll

kernel32

userenv

Exports

Exports

Sections

.text Size: 35KB - Virtual size: 35KB

.data Size: 505KB - Virtual size: 507KB

.rsrc Size: 31KB - Virtual size: 30KB

.text
Size: 35KB - Virtual size: 35KB

.data
Size: 505KB - Virtual size: 507KB

.rsrc
Size: 31KB - Virtual size: 30KB