666b787f17ce1e348adbe840c61adcc4_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

666b787f17ce1e348adbe840c61adcc4_JaffaCakes118
Size

1.4MB
MD5

666b787f17ce1e348adbe840c61adcc4
SHA1

33bc81c63176ed16aaadfce69e6d6a8a7edc5d65
SHA256

3b853cb35c4fc88d4474c08be993841378b6c45c011554fbd4c4abd971bd659d
SHA512

56c7446683fa82d8e7d48fff0a12c577a4883df0592b25f66900645fede3c12a429345accca550915e1f6a89148c13c5c8d43a881bd675f61d35050c0ed8178c
SSDEEP

24576:7aJzcgybOGO0fXmeiAiXxifh92TMNPKdfinpVDuUCHmzPd1yllWz:7IcJKyfO9QITMBKB4PdgqCl8

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
666b787f17ce1e348adbe840c61adcc4_JaffaCakes118

Files

666b787f17ce1e348adbe840c61adcc4_JaffaCakes118
.exe windows:6 windows x86 arch:x86

00069a38b10358176880d5a66f11028d

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

userenv

CreateEnvironmentBlock
ExpandEnvironmentStringsForUserW
DestroyEnvironmentBlock
FreeGPOListW
GetAppliedGPOListW
GetProfilesDirectoryW
LeaveCriticalPolicySection
RegisterGPNotification
UnregisterGPNotification

kernel32

VerLanguageNameW
WaitForMultipleObjectsEx
VirtualUnlock
VerSetConditionMask
VerLanguageNameA
UnhandledExceptionFilter
SetThreadExecutionState
SetLastError
ClearCommError
CreateRemoteThread
CreateTimerQueueTimer
DeleteFileA
EndUpdateResourceA
EnumSystemLocalesA
ExitProcess
FindFirstChangeNotificationA
GetCPInfo
GetCalendarInfoW
GetCommandLineA
GetComputerNameA
GetCurrencyFormatA
GetCurrencyFormatW
GetEnvironmentStringsA
GetFileSize
GetLocaleInfoW
GetPrivateProfileIntW
GetProcAddress
GetProfileStringW
GetTapeParameters
GetTickCount
GetWriteWatch
HeapAlloc
InitAtomTable
IsDBCSLeadByte
IsProcessorFeaturePresent
LocalFileTimeToFileTime
MoveFileWithProgressA
PurgeComm
QueryPerformanceCounter

version

GetFileVersionInfoA
GetFileVersionInfoSizeA
GetFileVersionInfoSizeW
GetFileVersionInfoW
VerFindFileA
VerFindFileW
VerInstallFileA
VerInstallFileW
VerQueryValueA
VerQueryValueW

user32

GetDlgItem
UpdateWindow
BeginPaint
CreateDialogIndirectParamA
CreateMDIWindowA
EndPaint
FillRect
GetDC
LoadAcceleratorsW
LoadImageA
MessageBoxA
PostMessageA
SendMessageA
ShowWindow

ntdll

RtlLengthSid
RtlNtStatusToDosError
RtlNumberGenericTableElements
RtlStartRXact
RtlpNtOpenKey
ZwCreateTimer
ZwGetContextThread
RtlUlonglongByteSwap
RtlEqualLuid
RtlCopySid
NtReleaseMutant
NtReadRequestData
NtQueryInstallUILanguage
NtMakeTemporaryObject
NtCreateMailslotFile
NtCompleteConnectPort
LdrQueryImageFileExecutionOptions
KiRaiseUserExceptionDispatcher

Exports

Exports

GBvmqXs
LcfSVqrz
NlrmtihaaGPsF
ZdpEaeeJerezLk
cfJaugvagsQnsh
gsqlgtqqazm
hxorfnUiltyf
jjQqu
kcbWe
towARpuaIxDdwhmrcwj
uuqhaj
vvnuFbwctm
wWcvaCdunqexl
wftpzU
xuifbzdtwg
yVOjwxzbogsfhr
yZEWrfzfw
ywWjfbgSs
yzskdKlP

Sections

.text
Size: 58KB - Virtual size: 57KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 487KB - Virtual size: 1.1MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 53KB - Virtual size: 53KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

00069a38b10358176880d5a66f11028d

Headers

File Characteristics

Imports

userenv

kernel32

version

user32

ntdll

Exports

Exports

Sections

.text Size: 58KB - Virtual size: 57KB

.data Size: 487KB - Virtual size: 1.1MB

.rsrc Size: 53KB - Virtual size: 53KB

.text
Size: 58KB - Virtual size: 57KB

.data
Size: 487KB - Virtual size: 1.1MB

.rsrc
Size: 53KB - Virtual size: 53KB