61d19c380e290d41e50a481891698286_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

61d19c380e290d41e50a481891698286_JaffaCakes118
Size

83KB
MD5

61d19c380e290d41e50a481891698286
SHA1

05ecd614607a5a14a451ca692becec03923e1244
SHA256

e33adcac0d8bfdafcc36b20a212ae879470fe446a58c5346bda4646153d1bddd
SHA512

5c816a9f176608ddfb030e823fa739a454832fdb7f3ce1670d481eb5078bfaea737108ab26933cfc412fea2c589e117265cf8150ddd9f0adc63b3d2fba450bc2
SSDEEP

1536:IXCTTJuz8FmJvdYDmpiYkbaSY9B3277Y5QY8+0qW0JSYjuDU5pHCgvqWWUfIPvl4:z1P0JvdYDmGcNZar+1JSbU5J5v0Y

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
61d19c380e290d41e50a481891698286_JaffaCakes118

Files

61d19c380e290d41e50a481891698286_JaffaCakes118
.exe windows:5 windows x86 arch:x86

b6dd67fc8b9d21acd16a894dcf3f039b

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

crtdll

_mbsdec
_osmode_dll
iswlower
??2@YAPAXI@Z
vwprintf
toupper
_heapmin
wprintf
_pgmptr_dll
_clearfp
wcsncat
strncpy
_fputchar
isleadbyte
_gcvt
_commode_dll
_CIexp
_execve
_chsize
strcspn
atexit
free
setlocale
_wcsset
iscntrl
atol
_hypot
__doserrno
_environ_dll
_ismbcdigit
_CIfmod
_mbspbrk
_spawnvp

gdi32

GetClipRgn
SetPixelV
STROBJ_bEnum
EnumEnhMetaFile
GetPixel
DdEntry27
CreateDCA
DdEntry21
SetAbortProc
CreateDiscardableBitmap
GdiCreateLocalMetaFilePict
CombineTransform
GetPaletteEntries
ExtSelectClipRgn
GetObjectA
GdiEntry8
SetBkMode
GdiEntry2
EngDeleteSurface

ntdll

NtRemoveProcessDebug
_ultoa
RtlGetLongestNtPathLength
RtlGetActiveActivationContext
ZwSuspendThread
RtlCheckRegistryKey
NtOpenThreadTokenEx
NtOpenKeyedEvent
ZwAccessCheckByTypeResultList
RtlAddAttributeActionToRXact
RtlUnicodeStringToInteger
RtlEqualLuid
NtReplyWaitReplyPort
NtSetEventBoostPriority
RtlIsNameLegalDOS8Dot3
isupper
NtDuplicateObject
RtlUpcaseUnicodeStringToOemString
ZwQueryKey
RtlGUIDFromString
atoi
DbgUiGetThreadDebugObject

kernel32

GetCurrentProcessId
QueryPerformanceCounter
GetDevicePowerState
LoadLibraryA
VirtualAlloc
FreeEnvironmentStringsA
GetStartupInfoA
GetSystemTimeAsFileTime
HeapCreate
VirtualQueryEx
WinExec
GetVolumePathNamesForVolumeNameA
BeginUpdateResourceA
GetCurrentThreadId
GetTickCount
CreateFileA
SetLocaleInfoA
SetConsoleNumberOfCommandsW

snmpapi

SnmpUtilVarBindCpy
SnmpUtilOidNCmp
SnmpUtilMemReAlloc
SnmpSvcSetLogLevel
SnmpUtilUTF8ToUnicode
SnmpSvcInitUptime
SnmpSvcAddrIsIpx
SnmpUtilOidFree
SnmpUtilVarBindListFree
SnmpUtilOidToA
SnmpUtilMemAlloc
SnmpUtilVarBindListCpy
SnmpUtilAsnAnyCpy
SnmpUtilUnicodeToAnsi

Sections

.text
Size: 33KB - Virtual size: 33KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 12KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 17KB - Virtual size: 78KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 19KB - Virtual size: 19KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 268B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

b6dd67fc8b9d21acd16a894dcf3f039b

Headers

DLL Characteristics

File Characteristics

Imports

crtdll

gdi32

ntdll

kernel32

snmpapi

Sections

.text Size: 33KB - Virtual size: 33KB

.rdata Size: 12KB - Virtual size: 11KB

.data Size: 17KB - Virtual size: 78KB

.rsrc Size: 19KB - Virtual size: 19KB

.reloc Size: 512B - Virtual size: 268B

.text
Size: 33KB - Virtual size: 33KB

.rdata
Size: 12KB - Virtual size: 11KB

.data
Size: 17KB - Virtual size: 78KB

.rsrc
Size: 19KB - Virtual size: 19KB

.reloc
Size: 512B - Virtual size: 268B