37dc4a19c4da93f19fe8b198ece96556_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

37dc4a19c4da93f19fe8b198ece96556_JaffaCakes118
Size

592KB
MD5

37dc4a19c4da93f19fe8b198ece96556
SHA1

a6a0eeca1e41f29e8b1ecbf4dfb2b9664030df59
SHA256

db085ffb81b0dc4e14387be4b418c888fa96ee87858a8975a97a489710e961ed
SHA512

2b4212c4a40d2ecc049fc44dbd56c1f18c92af18528f956a214b091add90daea3e4f8731720aa6b4cef0b9e60c903a529f836df1a605b6d9b6960287e99040c3
SSDEEP

12288:2G/hIYlWovidM7pp2rKCXhZrjI8xJA7i9EsUnsAdt:2G//4ovZghhFjxJMiWnL

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
37dc4a19c4da93f19fe8b198ece96556_JaffaCakes118

Files

37dc4a19c4da93f19fe8b198ece96556_JaffaCakes118
.exe windows:5 windows x86 arch:x86

63c180374ce1865596096bb748de9a88

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

userenv

FreeGPOListW
CreateEnvironmentBlock
GetProfilesDirectoryW
RegisterGPNotification
UnregisterGPNotification
ExpandEnvironmentStringsForUserW

kernel32

VirtualAlloc
VirtualFree
VerifyVersionInfoW
VerLanguageNameW
VerLanguageNameA
CreateNamedPipeW
EndUpdateResourceW
EnumLanguageGroupLocalesA
EnumResourceLanguagesA
ExitProcess
FindVolumeClose
GetACP
GetAtomNameW
GetCPInfo
GetCommandLineA
GetDriveTypeA
GetPrivateProfileIntA
GetSystemDirectoryW
GetSystemWindowsDirectoryW
GetTimeZoneInformation
GlobalDeleteAtom
GlobalWire
HeapAlloc
IsDBCSLeadByte
OpenMutexA
QueueUserAPC
QueueUserWorkItem
RtlZeroMemory
SetCurrentDirectoryA
SetHandleInformation
SetLastError
SetUnhandledExceptionFilter
UnregisterWaitEx

crtdll

_memicmp
strspn
strcoll
ldiv
iswgraph
_mbsspnp
_mbcjistojms
_exit
_finite
_fpreset
_ismbcl1
_loaddll
_locking

ntdll

NtFreeUserPhysicalPages
RtlNtStatusToDosError
RtlValidRelativeSecurityDescriptor
ZwAlertResumeThread
ZwPowerInformation
RtlConvertUiListToApiList
NtSetInformationObject
NtRaiseException

rpcrt4

RpcSsFree
UuidFromStringA
char_from_ndr
short_from_ndr_temp
tree_into_ndr
RpcServerYield
CStdStubBuffer_CountRefs
RpcBindingReset
RpcServerRegisterIf
RpcServerUseAllProtseqsEx
RpcServerUseProtseqEpA

version

GetFileVersionInfoSizeA
VerInstallFileA
VerInstallFileW
VerQueryValueW
GetFileVersionInfoA

Exports

Exports

JeliJGlhDtlxkaQ
JtaxjaLPuuqcplvrsS
LJcebcSti
TkhuntxzJt
Wqwyz
cgoretkjyux
grsnq
hqzxrJlibahpsx
hsutEupdkxu
iApesqssifpFAaPRdfa
neZxSgbfym
ofrKqaryAx
pvqhewrjxg
qUksq
rwvatts
thZzgeVndk
tjmxdvjkWo
xrfwgrhiTselyyHl
zMedclrkyyulbyo
zansaxi

Sections

.text
Size: 34KB - Virtual size: 34KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 505KB - Virtual size: 507KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 51KB - Virtual size: 51KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

63c180374ce1865596096bb748de9a88

Headers

File Characteristics

Imports

userenv

kernel32

crtdll

ntdll

rpcrt4

version

Exports

Exports

Sections

.text Size: 34KB - Virtual size: 34KB

.data Size: 505KB - Virtual size: 507KB

.rsrc Size: 51KB - Virtual size: 51KB

.text
Size: 34KB - Virtual size: 34KB

.data
Size: 505KB - Virtual size: 507KB

.rsrc
Size: 51KB - Virtual size: 51KB