64e8b641c19142f1961e3dab64b49f3b_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

64e8b641c19142f1961e3dab64b49f3b_JaffaCakes118
Size

90KB
MD5

64e8b641c19142f1961e3dab64b49f3b
SHA1

07ed7a4f4fd7e37d9f5e633ba9ab6c0139e4b9df
SHA256

1ba2104971c462f376b821ebe8ccaad83d2660e038098b393eda64ab945a32c2
SHA512

9e6f32b97f65ceddc4db5d1eaade18fd4000dda47a18b3a7f84e1ceb22eef68285a570ec2fd0e5ff8837298ac597531dba44180c62e04ecc1a63993d2c62ba5e
SSDEEP

1536:zQoTWnnkQpUNvuZg0uVKbyvb+36CNgnQiUtgxNkGIdus4F7Zr:FTWkQuNmZg9KhqCmQV2x3r

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
64e8b641c19142f1961e3dab64b49f3b_JaffaCakes118

Files

64e8b641c19142f1961e3dab64b49f3b_JaffaCakes118
.exe windows:1 windows x86 arch:x86

a248c223f39a963b06892a15139c7907

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

sqlunirl

_NDdeShareEnum_@24
_GetCompressedFileSize_@8
_SetWindowText@8
_ResetDC_@8
_NDdeIsValidAppTopicList_@4
_GetKeyNameText_@12
_TabbedTextOut_@32
_GetVolumeInformation_@32
_GetLogColorSpace_@12
_ObjectOpenAuditAlarm_@48
_GetCharABCWidthsFloat_@16
_IsDialogMessage@8
_RegOpenKey_@12
_CopyFile_@12
_GetWindowTextLength@4
_LookupPrivilegeName_@16
_CharToOemBuff_@12
_ModifyMenu_@20
newMultiByteFromWideCharSize
_ClearEventLog_@8
_CreatePropertySheetPage_@4
_CreateColorSpace_@4
_GetUnicodeRedirectionLayer@0
_IsCharAlpha_@4
_SetFileSecurity_@12
_RemoveFontResource_@4
_ObjectPrivilegeAuditAlarm_@24
_FindText_@4
_TranslateAccelerator@12
_PostMessage@16
_NDdeShareAdd_@20
_ExtTextOut@32
_CreateDialogIndirectParam@20
_CharUpperBuff_@8
_ObjectDeleteAuditAlarm_@12
_DispatchMessage_@4
_WritePrivateProfileStruct_@20
_EnumFontFamilies_@16
_VkKeyScanEx_@8
_ShellExecute_@24
_StartDoc@8
_EnumResourceTypes_@12
newMultiByteFromWideCharEx
_InsertMenu_@20
_WriteProfileSection_@8
_CharUpper@4
_ChangeServiceConfig_@44
_CreateDirectory_@8
_MoveFileEx_@12
_LoadMenuIndirect_@4
_DlgDirList_@20
_CharNext_@4
wsprintf_
_GetMetaFile_@4
_SetClassLong_@12
_SHBrowseForFolder_@4
_CreateScalableFontResource_@16
_GetCharABCWidths_@16
_LookupPrivilegeValue_@12
_LoadLibraryEx_@12
_OpenEvent_@12
_CallNamedPipe_@28
_GetFullPathName_@16
_BackupEventLog_@8
_DlgDirSelectEx_@16
_GetICMProfile_@12
_ShellExecuteEx_@4
_LogonUser_@24
_GetModuleFileName@12
_MessageBoxEx_@20
_LoadCursorFromFile_@4
_GetSaveFileName@4
_PropertySheet_@4

gdi32

DdEntry7
OffsetClipRgn
GetCharWidth32W
DdEntry26
DdEntry41
EngGetPrinterDataFileName
EngQueryEMFInfo
CreateFontA
CreateRectRgnIndirect
CreateDIBPatternBrush
DdEntry55
EngCheckAbort
EngMarkBandingSurface
GetStringBitmapW
PolyTextOutW
GetCharABCWidthsFloatW
GdiCreateLocalMetaFilePict
CopyEnhMetaFileA
SetPixel
GetCharWidthI
GetWindowOrgEx
GetFontData
CreatePolyPolygonRgn
OffsetRgn
TextOutW
GetDIBColorTable
CopyMetaFileA
CreateFontW
FONTOBJ_cGetGlyphs
RealizePalette
SetBoundsRect
DdEntry37
SetFontEnumeration
GetColorSpace
GetPixel
QueryFontAssocStatus
GetViewportOrgEx
GetEnhMetaFileW
SetEnhMetaFileBits
GetCharABCWidthsW
EnumFontFamiliesA
GdiGetPageHandle
CLIPOBJ_ppoGetPath
GdiDeleteSpoolFileHandle
GdiSetBatchLimit

ntdll

RtlInitializeRXact
RtlNumberGenericTableElements
NtReplyWaitReceivePort
ZwMakeTemporaryObject
RtlTraceDatabaseLock
RtlInitializeBitMap
NtDeleteFile
sin
NtSetBootOptions
RtlInterlockedFlushSList
RtlRealPredecessor
NtVdmControl
RtlCreateHeap
RtlAddAuditAccessAceEx
wcscspn
NtDuplicateToken
ZwSetVolumeInformationFile
RtlGetActiveActivationContext
RtlGetSaclSecurityDescriptor
RtlUlonglongByteSwap
ZwWaitLowEventPair
_memccpy
RtlCompressBuffer
ZwQueryPerformanceCounter
RtlWalkFrameChain
KiRaiseUserExceptionDispatcher

msvcrt

ldexp
_strnicoll
_vsnprintf
_ismbcspace
__isascii
??_7__non_rtti_object@@6B@
_findfirst64
_wfullpath
_ismbcl2
__p___initenv
_findclose
_sys_nerr
_ultoa
_mbcjistojms
iswxdigit
_wrmdir
__CxxUnregisterExceptionObject
strrchr
_chgsign
_wfindfirst
_amsg_exit
_mbsnicoll
_wsearchenv
_CIacos
??_7bad_typeid@@6B@
wcsstr
_getch
__setusermatherr
_ismbbtrail

kernel32

TryEnterCriticalSection
HeapCreate
AddRefActCtx
FlushConsoleInputBuffer
LoadLibraryA
ReplaceFile
CommConfigDialogA
VirtualAlloc
GetThreadPriority
GetProcessWorkingSetSize
ReadConsoleInputExW
RegisterConsoleVDM
DeleteFileA
FindResourceExA
DisconnectNamedPipe
ReadDirectoryChangesW
SetConsoleKeyShortcuts
GetCurrentThreadId
EnumCalendarInfoExW
GetFileAttributesExA
FindNextVolumeMountPointA
LocalAlloc
PostQueuedCompletionStatus
PeekConsoleInputW
SetConsoleOS2OemFormat
OpenFile
SleepEx
FindFirstFileExA
GetThreadSelectorEntry
GetModuleHandleW
FoldStringA
InterlockedFlushSList
SetCurrentDirectoryW
CreateEventA
GetPrivateProfileIntW
SetConsoleTitleA
CloseProfileUserMapping

user32

PostQuitMessage
DefWindowProcW
RegisterClassW

Sections

.text
Size: 33KB - Virtual size: 33KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 10KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 43KB - Virtual size: 155KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

a248c223f39a963b06892a15139c7907

Headers

File Characteristics

Imports

sqlunirl

gdi32

ntdll

msvcrt

kernel32

user32

Sections

.text Size: 33KB - Virtual size: 33KB

.rdata Size: 10KB - Virtual size: 10KB

.data Size: 43KB - Virtual size: 155KB

.rsrc Size: 2KB - Virtual size: 2KB

.text
Size: 33KB - Virtual size: 33KB

.rdata
Size: 10KB - Virtual size: 10KB

.data
Size: 43KB - Virtual size: 155KB

.rsrc
Size: 2KB - Virtual size: 2KB