685873bf2ca46cafe43939ad12e30028_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

685873bf2ca46cafe43939ad12e30028_JaffaCakes118
Size

38KB
MD5

685873bf2ca46cafe43939ad12e30028
SHA1

6870de318a55ea3da7b7197b7b233867b9fc94bb
SHA256

8c8b84904b3c1075abacc962704f22ef710b9603c010d1f372b4f7f6a419a1f0
SHA512

b6993714d3fce1634c35ba3d1af32c0188f7b60ae05f4b2af994e072f5b7090e3b2a40f4935ab8f755ef04d0569396188e3def5275b64ac89d478ca1289c14ec
SSDEEP

768:/1Kmm3zvO9gUWli6ZaLp6WW6OE+tiZ9uHSWwLqoqZ61V0X:/ujvOi8oaL/WDxtAcHlw2F6D0X

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
685873bf2ca46cafe43939ad12e30028_JaffaCakes118

Files

685873bf2ca46cafe43939ad12e30028_JaffaCakes118
.exe windows:4 windows x86 arch:x86

eb5aeb58382590b109be98c5962516b9

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

OpenWaitableTimerA
GetConsoleCommandHistoryLengthA
GetSystemWindowsDirectoryA
FindNextVolumeA
SetVolumeMountPointA
GetLogicalDrives
SetVolumeLabelW
SetVolumeLabelA
FindNextVolumeW
OpenFileMappingA
lstrcpy
_llseek
GetVersionExA
VirtualAlloc
GetProcessId
GetDefaultCommConfigA

dhcpcsvc

DhcpUndoRequestParams

odbc32

SQLParamData
SQLPutData

crypt32

CertFreeCertificateContext

user32

DestroyAcceleratorTable
CopyRect
CloseWindow
SendMessageA
GetIconInfo
ChildWindowFromPointEx
GetShellWindow
FindWindowExW
EnumWindows
DeregisterShellHookWindow
UnregisterDeviceNotification
GetClipboardFormatNameA
MessageBoxExA
MessageBoxTimeoutW
SendMessageTimeoutW
BroadcastSystemMessageExW
ShowWindow
RemovePropA
ShowOwnedPopups
SetRect
DefWindowProcA
CreateWindowStationA
GetWindowDC
SendIMEMessageExA

authz

AuthzOpenObjectAudit

d3d8

DebugSetMute

advapi32

AddAuditAccessAce
AddAuditAccessAceEx

Exports

Exports

OpenDwhveaypc
Uylokqu
Ufyuqfldts
Pluewrse
GetHsxlqwpc
OpenOhkessmppl
WriteXxbmpsqede
Wqnvagmuv
Kfwgnqii
Outwuygv
AddBqakkyias
CreateTymjasja
Ewtmngu
Rjbixocma
Fpcufgss
WriteEyeqxxc
Xqkgwjhbu
WriteLkuhbfl

Sections

.text
Size: 22KB - Virtual size: 21KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 600B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 11KB - Virtual size: 327KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.edata
Size: 512B - Virtual size: 452B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 880B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

eb5aeb58382590b109be98c5962516b9

Headers

File Characteristics

Imports

kernel32

dhcpcsvc

odbc32

crypt32

user32

authz

d3d8

advapi32

Exports

Exports

Sections

.text Size: 22KB - Virtual size: 21KB

.data Size: 1024B - Virtual size: 600B

.rdata Size: 11KB - Virtual size: 327KB

.edata Size: 512B - Virtual size: 452B

.idata Size: 1KB - Virtual size: 1KB

.rsrc Size: 1024B - Virtual size: 880B

.text
Size: 22KB - Virtual size: 21KB

.data
Size: 1024B - Virtual size: 600B

.rdata
Size: 11KB - Virtual size: 327KB

.edata
Size: 512B - Virtual size: 452B

.idata
Size: 1KB - Virtual size: 1KB

.rsrc
Size: 1024B - Virtual size: 880B