66afc0bbbf5c7141cdd4dcf61eaaa82c_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

66afc0bbbf5c7141cdd4dcf61eaaa82c_JaffaCakes118
Size

93KB
MD5

66afc0bbbf5c7141cdd4dcf61eaaa82c
SHA1

5418aa83730f7a7bc9475fb76ac33d13638617c5
SHA256

adab806c1a888e44717db1d2e7e428b681d216474c8968698d7a8ccd66ee7931
SHA512

8565ae84f8afb3da64b7022bbe9fe9b0f676d8e55982b4fe1020224730d722acf8c633631e6e508d3fc9ad8064d76ec1572d8ea991465f28a545ef1ea79a5be8
SSDEEP

1536:ok2hxaNUlvINQI/DuQKDCxPh9JVAF0Gg8EPyLZIh+/pwPzu/Uw:okYcNY8xaQKD6PhniF0Gg8mSOJu/Uw

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
66afc0bbbf5c7141cdd4dcf61eaaa82c_JaffaCakes118

Files

66afc0bbbf5c7141cdd4dcf61eaaa82c_JaffaCakes118
.exe windows:5 windows x86 arch:x86

f5474c338b1a5aeed2b9bfd9297d1b2f

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

Sleep
VirtualAlloc
GetVersion
SwitchToFiber
GetTickCount
PrepareTape
GetExpandedNameW
LZClose
RemoveDirectoryW
DosPathToSessionPathW
GetCalendarInfoW
FindVolumeMountPointClose
_lwrite
GetCurrentActCtx
FindVolumeClose
RtlUnwind
GlobalLock
GetConsoleNlsMode
WaitForDebugEvent
SetConsoleMenuClose
WideCharToMultiByte
LoadLibraryA

advapi32

BackupEventLogW
QueryServiceLockStatusW
BuildTrusteeWithNameA
SetSecurityDescriptorOwner
SystemFunction011
RegCreateKeyA
LsaSetQuotasForAccount
LsaCreateAccount
ElfRegisterEventSourceW
DeleteAce
QueryTraceW
RegisterServiceCtrlHandlerW
CryptGetProvParam
RegisterServiceCtrlHandlerExA

msdart

?ReadOrWriteLock@CReaderWriterLock3@@QAE_NXZ
?ReadOrWriteLock@CSpinLock@@QAE_NXZ
?_Lock@CSpinLock@@AAEXXZ
?InitializeVersionInfo@CMdVersionInfo@@CAHXZ
?sm_wDefaultSpinCount@CSpinLock@@1GA
?Size@CLKRLinearHashTable@@QBEKXZ
?_TryReadLock@CReaderWriterLock3@@AAE_NXZ
?ConvertExclusiveToShared@CLKRHashTable@@QBEXXZ
?IsReadLocked@CLKRHashTable@@QBE_NXZ
?SetSpinCount@CCritSec@@QAE_NG@Z
??0CLockedSingleList@@QAE@XZ
?ReadOrWriteLock@CCritSec@@QAE_NXZ
MpHeapReAlloc

sfc

SfpVerifyFile
SRSetRestorePointA
SRSetRestorePoint
SRSetRestorePointW
SfcGetNextProtectedFile
SfcIsFileProtected

msvcrt40

_chdir
_beginthreadex
_mbctohira
??1exception@@UAE@XZ
fabs
?sputc@streambuf@@QAEHH@Z
_winmajor
??0istream@@IAE@ABV0@@Z
_ismbcsymbol
__threadhandle
strcat
__RTtypeid
??0strstream@@QAE@PADHH@Z
feof
_cscanf
fgetws

comdlg32

ChooseColorW
ChooseFontA
PrintDlgExW
FindTextW
FindTextA
PrintDlgA
GetSaveFileNameA
dwLBSubclass
PrintDlgW
ReplaceTextW
ChooseColorA
GetFileTitleA

wshtcpip

WSHGetSocketInformation
WSHGetSockaddrType
WSHNotify
WSHAddressToString
WSHGetWildcardSockaddr
WSHGetProviderGuid
WSHEnumProtocols
WSHGetWinsockMapping
WSHStringToAddress
WSHGetBroadcastSockaddr
WSHGetWSAProtocolInfo
WSHJoinLeaf

Sections

.text
Size: 41KB - Virtual size: 40KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 25KB - Virtual size: 31KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 25KB - Virtual size: 25KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 320B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

f5474c338b1a5aeed2b9bfd9297d1b2f

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

advapi32

msdart

sfc

msvcrt40

comdlg32

wshtcpip

Sections

.text Size: 41KB - Virtual size: 40KB

.data Size: 25KB - Virtual size: 31KB

.rsrc Size: 25KB - Virtual size: 25KB

.reloc Size: 512B - Virtual size: 320B

.text
Size: 41KB - Virtual size: 40KB

.data
Size: 25KB - Virtual size: 31KB

.rsrc
Size: 25KB - Virtual size: 25KB

.reloc
Size: 512B - Virtual size: 320B