603306494f3238f969b968c258e737f3_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

603306494f3238f969b968c258e737f3_JaffaCakes118
Size

94KB
MD5

603306494f3238f969b968c258e737f3
SHA1

87266b58fe27b258328f69b7a4403d53fb31c28f
SHA256

7db0ab3969440b19ba7c89c2ed2d0260f15a9457d652d8eea127e666369af1ea
SHA512

fec9f9f58cf9b87bbc5f2f357ff09948dd1063a987d3262b509686eb6e60f34f64fe282534415d4039efdd51f56756abbb699224e278ae1327648f658825426f
SSDEEP

1536:UDSa90nQvkXX0qK4SyEBjMKozU9Xa0QlcUcuFO:o998XEqK4kBjMKoiXTQlcruFO

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
603306494f3238f969b968c258e737f3_JaffaCakes118

Files

603306494f3238f969b968c258e737f3_JaffaCakes118
.exe windows:5 windows x86 arch:x86

94b8911e45841bbc6d924040aac2f8c9

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

advapi32

OpenServiceW
QueryServiceConfigA
InitiateSystemShutdownA
WmiSetSingleInstanceW
CryptEnumProviderTypesW
AddUsersToEncryptedFile
GetTrusteeNameW
LsaGetSystemAccessAccount
A_SHAFinal
RegEnumValueA
LsaSetTrustedDomainInformation
LsaLookupNames2
RegCreateKeyA
ObjectPrivilegeAuditAlarmW

msvcrt20

_wenviron
__p__fmode
_pgmptr
setvbuf
_wsplitpath
__threadid
iswalnum
?in_avail@streambuf@@QBEHXZ
iswcntrl
_spawnv
clearerr
_mbsspn

kernel32

FatalExit
FindAtomA
GetVersion
SetConsoleDisplayMode
UnmapViewOfFile
CreateProcessW
GetFullPathNameA
GetFileAttributesW
lstrcmpA
GetCalendarInfoW
VirtualAlloc
SetPriorityClass
lstrcpynW
GetDriveTypeA
LoadLibraryA
GetTickCount
HeapAlloc
Sleep

msoert2

MessageBoxInstW
SzGetCertificateEmailAddress
UlStripWhitespace
fGetBrowserUrlEncoding
CopyRegistry
PszToANSI
HrFindInetTimeZone
BrowseForFolder
HrGetStreamPos
OpenFileStream
HrStreamSeekSet
IsPrint
OpenFileStreamShareW
ChConvertFromHex
PszDupW
HrCopyStream
BrowseForFolderW

msvcp60

?end@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEPADXZ
?clear@ios_base@std@@QAEXH_N@Z
?_Freeze@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAEXXZ
?imag@?$_Complex_base@N@std@@QAENABN@Z
?grouping@?$numpunct@D@std@@QBE?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@2@XZ
?resize@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEXID@Z
?pbackfail@?$basic_filebuf@GU?$char_traits@G@std@@@std@@MAEGG@Z
??4?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAEAAV01@ABV01@@Z
??_F?$complex@O@std@@QAEXXZ
?quiet_NaN@?$numeric_limits@H@std@@SAHXZ
?sungetc@?$basic_streambuf@GU?$char_traits@G@std@@@std@@QAEGXZ
?frac_digits@?$_Mpunct@D@std@@QBEHXZ
??5?$basic_istream@DU?$char_traits@D@std@@@std@@QAEAAV01@AAO@Z
??Gstd@@YA?AV?$complex@N@0@ABNABV10@@Z

sqlwoa

AllocConvertMultiSZNameToA
_ExtTextOut@32
_tfopen
_GetTextExtentPoint@16
_trename
_GetObject@12
_CreateWindowEx@48
_FindResource@12
_RemoveProp@8
_GetDlgItemText@16
_CreateFile@28
_LoadBitmap@8
_IsDialogMessage@8
newMultiByteFromWideChar
_LoadMenu@8
_WinHelp@16

comdlg32

GetFileTitleW
ChooseFontA
PrintDlgW
GetOpenFileNameW
GetOpenFileNameA
CommDlgExtendedError
ReplaceTextW
FindTextW
Ssync_ANSI_UNICODE_Struct_For_WOW
GetSaveFileNameA
PrintDlgExW
GetSaveFileNameW
ChooseColorA

Sections

.text
Size: 46KB - Virtual size: 45KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 21KB - Virtual size: 26KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 25KB - Virtual size: 25KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 320B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

94b8911e45841bbc6d924040aac2f8c9

Headers

DLL Characteristics

File Characteristics

Imports

advapi32

msvcrt20

kernel32

msoert2

msvcp60

sqlwoa

comdlg32

Sections

.text Size: 46KB - Virtual size: 45KB

.data Size: 21KB - Virtual size: 26KB

.rsrc Size: 25KB - Virtual size: 25KB

.reloc Size: 512B - Virtual size: 320B

.text
Size: 46KB - Virtual size: 45KB

.data
Size: 21KB - Virtual size: 26KB

.rsrc
Size: 25KB - Virtual size: 25KB

.reloc
Size: 512B - Virtual size: 320B