40bc7bc1d6b778e7340271f53691dc06_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

40bc7bc1d6b778e7340271f53691dc06_JaffaCakes118
Size

852KB
MD5

40bc7bc1d6b778e7340271f53691dc06
SHA1

762cc0a5613acedef49556d286fc1e560a3914c7
SHA256

fe0ea2ef2ffeff21da5125bfa2a4f82cff41f253b9a5b23e64b19f17e164ee7f
SHA512

8a6aefa9e910a9ce12adfc32ba65d43a109ef5d9f313a4c47156e1453f2c5c7f9fc373dd5ed7f0e3bb89365338ac858d7a48d9c0ec9550241b390acc0ca845cc
SSDEEP

24576:qki6djSy82PWPme63u9evvEhP9CbPNVXtPbBR:qkzWB2eee6gMvhbPlPb7

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
40bc7bc1d6b778e7340271f53691dc06_JaffaCakes118

Files

40bc7bc1d6b778e7340271f53691dc06_JaffaCakes118
.exe windows:5 windows x86 arch:x86

ae086cf52f049053f324eb807e8e6329

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

oleaut32

OaBuildVersion
VarCyRound
VarI4FromBool
SysStringByteLen
VarI1FromBool
SafeArrayCopy
OleLoadPicture
VarUI8FromI2
VarI2FromUI1
VarCyMul
VarUI4FromBool
VarCyFromStr
VarI4FromI8
VarEqv
VarUI4FromDec
VarUI1FromI4
OleLoadPictureFileEx

wininet

InternetEnumPerSiteCookieDecisionW
FtpFindFirstFileA
FtpGetFileEx
FindCloseUrlCache
InternetSetOptionExA
FindNextUrlCacheEntryExW
InternetAttemptConnect
UnlockUrlCacheEntryFileW
InternetGetCertByURLA
FtpFindFirstFileW
InternetSetPerSiteCookieDecisionA
InternetLockRequestFile
SetUrlCacheConfigInfoW
FtpRemoveDirectoryW
InternetTimeToSystemTimeW
InternetOpenUrlW
GetUrlCacheEntryInfoExW
InternetGetCookieExW
InternetGetLastResponseInfoA
InternetCanonicalizeUrlW
InternetSetDialStateA
InternetConnectW

msi

MsiProvideComponentFromDescriptorA
MsiRecordSetInteger
MsiEnumFeaturesA
MsiIsProductElevatedW
MsiEnumPatchesW
MsiOpenDatabaseA
MsiProvideQualifiedComponentA
MsiDeleteUserDataW
MsiDatabaseApplyTransformW
MsiFormatRecordW
MsiAdvertiseScriptA
MsiGetSourcePathA
MsiCollectUserInfoA
MsiOpenDatabaseW
MsiRecordDataSize
MsiSetFeatureStateW
MsiDecomposeDescriptorA
MsiCloseHandle

cfgmgr32

CM_Free_Res_Des_Ex
CM_Get_Resource_Conflict_Count
CM_Locate_DevNodeW
CM_Register_Device_Driver_Ex
CM_Get_Sibling
CM_Unregister_Device_Interface_ExW
CM_Get_DevNode_Registry_Property_ExW
CM_Get_Hardware_Profile_Info_ExA
CM_Get_Device_Interface_List_ExA
CM_Is_Dock_Station_Present
CM_Delete_DevNode_Key
CMP_UnregisterNotification
CM_Create_Range_List
CM_Reenumerate_DevNode_Ex
CM_Get_Class_Key_Name_ExW
CMP_RegisterNotification

kernel32

BeginUpdateResourceW
SetFileShortNameW
GetVolumePathNameA
UnlockFileEx
LoadLibraryA
lstrcatW
VirtualAlloc
GetTickCount
GlobalAddAtomA
InvalidateConsoleDIBits
GetProcAddress
IsValidCodePage
WritePrivateProfileStringW
GetConsoleDisplayMode
GetPrivateProfileSectionNamesW
Heap32First
GetVersionExW
GetCurrentProcessId
GetOverlappedResult
_lclose

Sections

.text
Size: 736KB - Virtual size: 735KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 107KB - Virtual size: 107KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 1.5MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

ae086cf52f049053f324eb807e8e6329

Headers

DLL Characteristics

File Characteristics

Imports

oleaut32

wininet

msi

cfgmgr32

kernel32

Sections

.text Size: 736KB - Virtual size: 735KB

.rdata Size: 107KB - Virtual size: 107KB

.data Size: 4KB - Virtual size: 1.5MB

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 1KB - Virtual size: 1KB

.text
Size: 736KB - Virtual size: 735KB

.rdata
Size: 107KB - Virtual size: 107KB

.data
Size: 4KB - Virtual size: 1.5MB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 1KB - Virtual size: 1KB