410e8f5af6b6f21b94deb7bf8451265b_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

410e8f5af6b6f21b94deb7bf8451265b_JaffaCakes118
Size

853KB
MD5

410e8f5af6b6f21b94deb7bf8451265b
SHA1

600a22db0f1e55626930e5e8453a80702c50c73a
SHA256

765d95c475e08337577abf33571103a18b14eb04c18b293adc459de9c758c783
SHA512

b3b61269dc74acdee6f5cb5f88a2726579ede7a747b724ef277e4b3a3d2d246b429508b50d3040d8d7ef142f4be393bdd02b17a21d937ef4bda2da0fbe3d2c5a
SSDEEP

24576:aN9SHLMog3UTOFGQ8PHJ/NEfxbGWqRyr:PMHaOFGDJ/KfxbtIyr

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
410e8f5af6b6f21b94deb7bf8451265b_JaffaCakes118

Files

410e8f5af6b6f21b94deb7bf8451265b_JaffaCakes118
.exe windows:5 windows x86 arch:x86

f492775c7426d30a81c969fac9c92427

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

msdmo

MoCopyMediaType
DMORegister
DMOGetTypes
DMOStrToGuidA
DMOStrToGuidW
MoInitMediaType
MoDuplicateMediaType
DMOGuidToStrA
DMOUnregister
DMOGetName
DMOGuidToStrW
MoFreeMediaType
MoDeleteMediaType
DMOEnum
MoCreateMediaType

kernel32

FlushViewOfFile
UpdateResourceW
InitializeCriticalSection
NlsGetCacheUpdateCount
SetTimeZoneInformation
VirtualAlloc
CancelDeviceWakeupRequest
SetTermsrvAppInstallMode
ReplaceFileW
IsValidCodePage
LoadLibraryA
GetFirmwareEnvironmentVariableW
GetVolumePathNamesForVolumeNameA
SetCommMask
CallNamedPipeW
GetNativeSystemInfo
FindNextChangeNotification
InitAtomTable
RegisterWowExec
RaiseException

ole32

CoUnloadingWOW
OleIsRunning
HENHMETAFILE_UserUnmarshal
StringFromCLSID
CreatePointerMoniker
HENHMETAFILE_UserSize
CreateILockBytesOnHGlobal
CoGetObject
CoReleaseServerProcess
DoDragDrop
FreePropVariantArray
CoFreeUnusedLibrariesEx
HMETAFILEPICT_UserUnmarshal
UtGetDvtd16Info
GetHGlobalFromStream
PropVariantClear
OleSetAutoConvert
CoIsHandlerConnected
OleRegEnumVerbs
OleUninitialize
ReadFmtUserTypeStg
OleSave
PropSysFreeString
CoCopyProxy

ntdll

NtDeleteKey
RtlValidateHeap
ZwUnlockVirtualMemory
RtlxOemStringToUnicodeSize
ZwSetBootOptions
RtlxUnicodeStringToAnsiSize
RtlDestroyProcessParameters
NtExtendSection
RtlpNtQueryValueKey
_snprintf
NtSetHighEventPair
_ltow
NtOpenProcessToken
RtlAppendPathElement
wcscmp
_i64toa
DbgUiGetThreadDebugObject
RtlReleaseActivationContext
RtlUnicodeStringToAnsiSize

ieakeng

ShowADMWindow
ShowInetcpl
BuildPalette
DestroyADMWindow
MoveADMWindow
SelectADMItem
ModifyZones
ModifyAuthCode
CheckField
ModifyRatings
MoveDownFavorite
ErrorMessageBox
GetFavoritesMaxNumber
SaveADMItem
DoReboot
NewFolder
BToolbar_Edit
GetFavoritesNumber
CheckForDupKeys
IsFavoriteItem
CreateADMWindow

ws2_32

WSASetBlockingHook
WSAJoinLeaf
WSACreateEvent
WSCDeinstallProvider
WSALookupServiceNextA
WSCWriteProviderOrder
getservbyname
WSCInstallNameSpace
WSALookupServiceNextW
htonl
getsockname
__WSAFDIsSet
bind
WSALookupServiceEnd
listen
WSAAddressToStringW
send
recv
WSALookupServiceBeginW
WSAAsyncGetProtoByName
htons
shutdown
WSACancelBlockingCall

Sections

.text
Size: 721KB - Virtual size: 720KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 124KB - Virtual size: 123KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 1.5MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

f492775c7426d30a81c969fac9c92427

Headers

DLL Characteristics

File Characteristics

Imports

msdmo

kernel32

ole32

ntdll

ieakeng

ws2_32

Sections

.text Size: 721KB - Virtual size: 720KB

.rdata Size: 124KB - Virtual size: 123KB

.data Size: 4KB - Virtual size: 1.5MB

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 1KB - Virtual size: 1KB

.text
Size: 721KB - Virtual size: 720KB

.rdata
Size: 124KB - Virtual size: 123KB

.data
Size: 4KB - Virtual size: 1.5MB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 1KB - Virtual size: 1KB