628c2b37a589833a34900c8705c40812_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

628c2b37a589833a34900c8705c40812_JaffaCakes118
Size

255KB
MD5

628c2b37a589833a34900c8705c40812
SHA1

a2a3358d2e3d1753c933eb7ceed9f20f0607974e
SHA256

6b668817a9d215bf8f8e0dad7d9ee0749d754a317007c5ca26e26f0879c1d36f
SHA512

1a87a63d10335d2eaf23f6f3b598a6b54f8d62e524bb4d8708239ce9f17c98f03d5f323c3374f111d576546900664a8e9eb38043df25022c266c8adcb2a1c932
SSDEEP

6144:X6JMH/FiuhXnbfupKrjNhVvzvsQtbp98t3RzhOsdty2nhGlXyt:X/fuorpnv4Q1p9Whdty2nx

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
628c2b37a589833a34900c8705c40812_JaffaCakes118

Files

628c2b37a589833a34900c8705c40812_JaffaCakes118
.exe windows:4 windows x86 arch:x86

e9fad729de127ff7e4915be6a407a681

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

ole32

CoInitializeEx
CoUninitialize
StringFromCLSID
CoTaskMemFree
CoCreateInstance

shlwapi

PathIsUNCA

rpcrt4

UuidFromStringA
RpcStringFreeA
UuidToStringA

user32

ExitWindowsEx
wsprintfA
LoadStringA

oleaut32

VariantCopy
SafeArrayCopy
SafeArrayLock
SysAllocStringLen
GetErrorInfo
SafeArrayGetLBound
SysAllocString
SafeArrayDestroy
SysFreeString
SafeArrayUnlock
SafeArrayGetUBound
VariantClear
VariantInit
VariantChangeType

mpr

WNetCancelConnection2A
WNetAddConnection2A

kernel32

lstrcmpiA
LockResource
OpenProcess
SetFilePointer
LocalAlloc
GetFullPathNameA
TlsSetValue
UnmapViewOfFile
CreateFileA
LocalFree
lstrlenW
GetCurrentThreadId
CopyFileA
FindNextFileA
FormatMessageA
WaitForSingleObject
OpenEventA
LCMapStringA
HeapFree
SetProcessWorkingSetSize
lstrlenA
HeapDestroy
OpenFileMappingA
CreateEventA
GetUserDefaultLCID
WaitForMultipleObjects
MoveFileA
SetFileAttributesA
ReadFile
CreateDirectoryA
MapViewOfFile
HeapSize
FreeLibrary
GetModuleHandleA
FindFirstFileA
WideCharToMultiByte
ReleaseSemaphore
DeleteFileA
DeleteCriticalSection
RaiseException
EnterCriticalSection
ReleaseMutex
PulseEvent
CreateFileMappingA
CreateSemaphoreA
FindClose
LoadResource
RemoveDirectoryA
HeapReAlloc
CreateMutexA
HeapAlloc
FindResourceExA
LeaveCriticalSection
FindResourceA
CloseHandle
SizeofResource
WriteFile
GetSystemTimeAsFileTime
GetACP
GetThreadLocale
GetProcessHeap
TlsGetValue
IsValidLocale
VirtualAllocEx
GetModuleHandleW

winspool.drv

SetPrinterW
AddPortExA
EnumPrintProcessorDatatypesW
EnumPrinterKeyW
ConvertUnicodeDevModeToAnsiDevmode
FlushPrinter
EnumPrintProcessorsA
DeletePrinterIC
SetPrinterA
SetFormW
DeleteMonitorW
DeleteFormA
DeletePrinterDataExW
GetPrinterDriverDirectoryA
AdvancedDocumentPropertiesW
EnumPortsW
ScheduleJob
PrinterMessageBoxW
AddFormW

ifmon

InitHelperDll

Sections

.IOGQykq
Size: 1024B - Virtual size: 14KB

IMAGE_SCN_MEM_READ

.text
Size: 18KB - Virtual size: 18KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.uMzdCA
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.AKih
Size: 512B - Virtual size: 202B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.kJEvbPR
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.YhcdE
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.WEZpcr
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 71KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 208KB - Virtual size: 208KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.NwAD
Size: 1024B - Virtual size: 652B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.VIqHZ
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.ISwRHu
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.ezNfXgG
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

e9fad729de127ff7e4915be6a407a681

Headers

DLL Characteristics

File Characteristics

Imports

ole32

shlwapi

rpcrt4

user32

oleaut32

mpr

kernel32

winspool.drv

ifmon

Sections

.IOGQykq Size: 1024B - Virtual size: 14KB

.text Size: 18KB - Virtual size: 18KB

.uMzdCA Size: 2KB - Virtual size: 1KB

.AKih Size: 512B - Virtual size: 202B

.kJEvbPR Size: 1KB - Virtual size: 1KB

.YhcdE Size: 2KB - Virtual size: 1KB

.WEZpcr Size: 2KB - Virtual size: 1KB

.data Size: 8KB - Virtual size: 71KB

.rdata Size: 208KB - Virtual size: 208KB

.NwAD Size: 1024B - Virtual size: 652B

.VIqHZ Size: 2KB - Virtual size: 2KB

.rsrc Size: 2KB - Virtual size: 1KB

.ISwRHu Size: 2KB - Virtual size: 1KB

.ezNfXgG Size: 2KB - Virtual size: 2KB

.IOGQykq
Size: 1024B - Virtual size: 14KB

.text
Size: 18KB - Virtual size: 18KB

.uMzdCA
Size: 2KB - Virtual size: 1KB

.AKih
Size: 512B - Virtual size: 202B

.kJEvbPR
Size: 1KB - Virtual size: 1KB

.YhcdE
Size: 2KB - Virtual size: 1KB

.WEZpcr
Size: 2KB - Virtual size: 1KB

.data
Size: 8KB - Virtual size: 71KB

.rdata
Size: 208KB - Virtual size: 208KB

.NwAD
Size: 1024B - Virtual size: 652B

.VIqHZ
Size: 2KB - Virtual size: 2KB

.rsrc
Size: 2KB - Virtual size: 1KB

.ISwRHu
Size: 2KB - Virtual size: 1KB

.ezNfXgG
Size: 2KB - Virtual size: 2KB