64d4e3d136e8a1b8fbbacb2d3fd59979_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

64d4e3d136e8a1b8fbbacb2d3fd59979_JaffaCakes118
Size

43KB
MD5

64d4e3d136e8a1b8fbbacb2d3fd59979
SHA1

79c80a8668b4ce529563b561ff6778c9ab330e27
SHA256

2c357310491f6643a133870005248ef8ea4af1734358996e4edf882f17d39158
SHA512

fc56d85ea9dca0c115016468867978a4bece667400fdc70f7837f5cb2fbe776730921699c23a3c43f1aa67905713b44c3783cab144edd9b2eacd0152f99d0e15
SSDEEP

768:yyBnYLuyuF+C/0SYVHpgvfOpUiHf92ZSEGtpvsT51FwdC/pZPodEeEJ6Len:ycnYLuqcvY9KvGpRMZeQFwdinPydEJ66

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
64d4e3d136e8a1b8fbbacb2d3fd59979_JaffaCakes118

Files

64d4e3d136e8a1b8fbbacb2d3fd59979_JaffaCakes118
.exe windows:5 windows x86 arch:x86

e6df9fcaf57d08bf80d5313dfdc89c6a

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

imm32

ImmGetCandidateWindow
ImmRegisterClient
ImmGenerateMessage
ImmGetImeInfoEx
ImmGetContext
ImmIMPGetIMEW
ImmAssociateContextEx
ImmIsUIMessageW
ImmGetIMEFileNameA
ImmActivateLayout
ImmEscapeW
ImmReSizeIMCC
ImmEnumInputContext
ImmEnumRegisterWordA

kernel32

TransmitCommChar
ReleaseSemaphore
GetFileAttributesExW
IsBadStringPtrW
Sleep
EnumCalendarInfoExA
GetEnvironmentStringsA
PeekConsoleInputA
GetVersion
GlobalUnfix
RtlCaptureStackBackTrace
LoadLibraryA
CreateHardLinkA
GetConsoleInputExeNameW
EnumDateFormatsExA
VirtualAlloc
WaitForSingleObject

comdlg32

PrintDlgExW
dwOKSubclass
PrintDlgW
GetFileTitleW
FindTextA
ReplaceTextA
FindTextW
ChooseColorA
PrintDlgA
GetOpenFileNameA
GetOpenFileNameW
CommDlgExtendedError
LoadAlterBitmap

setupapi

CM_Set_DevNode_Registry_Property_ExA
SetupQueueDeleteSectionA
InstallHinfSectionA
SetupEnumInfSectionsA
CM_Get_Device_ID_List_ExA
CM_Set_DevNode_Registry_PropertyW
SetupDiCreateDeviceInfoA
SetupFindFirstLineW
SetupUninstallNewlyCopiedInfs
CM_Unregister_Device_InterfaceW
SetupGetLineTextW
CM_Setup_DevNode_Ex
SetupAddInstallSectionToDiskSpaceListA
CM_Delete_Class_Key
SetupGetMultiSzFieldW
CM_Query_Arbitrator_Free_Size_Ex
SetupDiOpenDeviceInterfaceW

msvcrt

_ismbchira
strncpy
_mbctoupper
_setmbcp
fgets
wcstoul
isxdigit
_CIsqrt
wcsncmp
__unDName
_wctime
_ismbckata

advapi32

AccessCheckByTypeResultListAndAuditAlarmW
SetEntriesInAccessListW
ConvertSidToStringSidW
BuildImpersonateTrusteeA
LsaLookupNames2
SystemFunction029
ElfNumberOfRecords
SetKernelObjectSecurity
LsaEnumerateTrustedDomainsEx
SaferiSearchMatchingHashRules
GetUserNameW
OpenThreadToken

user32

DefWindowProcW
RegisterClassW
PostQuitMessage

Sections

.text
Size: 28KB - Virtual size: 27KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 1022B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 288B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

e6df9fcaf57d08bf80d5313dfdc89c6a

Headers

DLL Characteristics

File Characteristics

Imports

imm32

kernel32

comdlg32

setupapi

msvcrt

advapi32

user32

Sections

.text Size: 28KB - Virtual size: 27KB

.data Size: 12KB - Virtual size: 12KB

.rsrc Size: 1024B - Virtual size: 1022B

.reloc Size: 512B - Virtual size: 288B

.text
Size: 28KB - Virtual size: 27KB

.data
Size: 12KB - Virtual size: 12KB

.rsrc
Size: 1024B - Virtual size: 1022B

.reloc
Size: 512B - Virtual size: 288B