2ff1daf21612df857b7a593605dd28ca_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

2ff1daf21612df857b7a593605dd28ca_JaffaCakes118
Size

508KB
MD5

2ff1daf21612df857b7a593605dd28ca
SHA1

95492d65a3338c03fb4db76d18c2f0b8106d910c
SHA256

b02ec4bc266c2fe600854cc494330fda5940f8856d78bbe43247397ada8ff97a
SHA512

36f75f030763cbb2e5c6ce4d04a94f7eb8805e476aefdec1589ae99c98718f9c2ff8233b2a4d8c6de35c2480256d4c48f9d4d4454b0a275ed660a45ff0a0abaa
SSDEEP

12288:zU7tGxYHBeffucRxk3nN7P2MRRTzpMhRJW4BB/3NkuBz:zUUpHRKXNbfR4JnBB/d9B

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2ff1daf21612df857b7a593605dd28ca_JaffaCakes118

Files

2ff1daf21612df857b7a593605dd28ca_JaffaCakes118
.exe windows:5 windows x86 arch:x86

357990f33d6e0c05281b756448fa2619

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

rpcrt4

tree_peek_ndr
char_from_ndr
char_array_from_ndr
UuidCompare
RpcSsGetContextBinding
RpcSsEnableAllocate
RpcSmClientFree
RpcServerUseProtseqIfA
CStdStubBuffer_Disconnect
RpcServerUseProtseqEpExA
RpcNetworkInqProtseqsA
MIDL_wchar_strcpy
DceErrorInqTextA
CStdStubBuffer_QueryInterface

ntdll

RtlSplay
RtlNtStatusToDosError
RtlSetInformationAcl
RtlUnwind
RtlpWaitForCriticalSection
ZwDelayExecution
ZwExtendSection
NtSetThreadExecutionState
NtMapUserPhysicalPagesScatter
DbgUiConnectToDbg
NtStartProfile

version

GetFileVersionInfoSizeA
GetFileVersionInfoA
GetFileVersionInfoSizeW
GetFileVersionInfoW
VerFindFileA
VerFindFileW
VerInstallFileA
VerInstallFileW
VerQueryValueA

crtdll

wcstombs
setbuf
iswdigit
iswalnum
_ltow
_j0
_ismbcprint
_chsize
_ecvt
_exit
_fdopen
_finite
_getdrive

userenv

DestroyEnvironmentBlock
FreeGPOListW
RegisterGPNotification
LeaveCriticalPolicySection
GetProfilesDirectoryW
GetAppliedGPOListW
EnterCriticalPolicySection

kernel32

lstrcpynA
WriteProcessMemory
WritePrivateProfileStructW
WritePrivateProfileSectionW
VirtualFree
VirtualAlloc
VerLanguageNameW
VerLanguageNameA
UnregisterWaitEx
SetVolumeMountPointA
SetLastError
SetEnvironmentVariableA
OpenMutexA
MoveFileW
HeapAlloc
Heap32ListNext
GlobalUnWire
GlobalDeleteAtom
GetWindowsDirectoryW
GetUserDefaultUILanguage
GetTimeZoneInformation
GetSystemTime
GetPrivateProfileStringA
GetNumberFormatA
GetCommandLineA
GetBinaryTypeW
FindVolumeMountPointClose
FindNextVolumeMountPointA
FindFirstVolumeW
ExitProcess
CreateFileMappingW
CreateDirectoryW
BuildCommDCBA

Exports

Exports

afgyr
ladHD
mxxkx
rmsWkepq
vrxkn
xvzxg
znyVnm

Sections

.text
Size: 34KB - Virtual size: 33KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 447KB - Virtual size: 447KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 26KB - Virtual size: 26KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

357990f33d6e0c05281b756448fa2619

Headers

File Characteristics

Imports

rpcrt4

ntdll

version

crtdll

userenv

kernel32

Exports

Exports

Sections

.text Size: 34KB - Virtual size: 33KB

.data Size: 447KB - Virtual size: 447KB

.rsrc Size: 26KB - Virtual size: 26KB

.text
Size: 34KB - Virtual size: 33KB

.data
Size: 447KB - Virtual size: 447KB

.rsrc
Size: 26KB - Virtual size: 26KB