6a87e20f3295aa36423d45b1bcdca342_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

6a87e20f3295aa36423d45b1bcdca342_JaffaCakes118
Size

51KB
MD5

6a87e20f3295aa36423d45b1bcdca342
SHA1

ceb60a4ea341a76c4a68c8455d21b39100a77b4a
SHA256

92101b997770668da1a8300ad84188623063764e57a8ea9d523a3df733dcae38
SHA512

1782ce713a62d67102d893aad36d9e672907ebe6f1da0eca75cdfc65624daff3c8c59db335a41110781a8c50b91629eda9d4e0cad9e3a19c3c24af870a3655c4
SSDEEP

768:olveA66bgESynVRnz9bjNQJVL8qjhtjQEhpkoEZz4xqiWi5JhgTSsBR:4eA66bVJ/QoqLQEheZkxqi1hgusBR

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
6a87e20f3295aa36423d45b1bcdca342_JaffaCakes118

Files

6a87e20f3295aa36423d45b1bcdca342_JaffaCakes118
.exe windows:5 windows x86 arch:x86

d69bbcf8ece96f9b5d10e544b87011a5

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetCurrencyFormatA
LocalShrink
LZInit
GetNextVDMCommand
GetBinaryTypeW
GetConsoleHardwareState
GetFullPathNameA
PrivCopyFileExW
BuildCommDCBA
TerminateJobObject
GetEnvironmentStrings
IsProcessorFeaturePresent
OpenJobObjectA
LocalAlloc
NlsGetCacheUpdateCount
CreateEventW
FindResourceA
GetEnvironmentStringsW
GetLargestConsoleWindowSize
UnregisterConsoleIME
CmdBatNotification
RtlZeroMemory
SwitchToThread
ReadConsoleInputExW
LocalReAlloc
WriteProcessMemory
SetConsoleInputExeNameW
GetLocalTime
CreateDirectoryExA
GetTimeZoneInformation
SetLocalTime
RtlMoveMemory
MoveFileWithProgressA
GetUserDefaultLCID
_lclose
GetDiskFreeSpaceW
FileTimeToDosDateTime
SleepEx
OpenWaitableTimerA
SetComPlusPackageInstallStatus
QueryPerformanceCounter
HeapSize
LoadLibraryA
EraseTape
GetCurrentDirectoryW
GetCommProperties
GetNumberOfConsoleMouseButtons
SetVolumeLabelW
CreateTimerQueue
GetConsoleAliasesLengthW
GetCurrentThread
GetConsoleAliasExesA
WriteConsoleW
CreatePipe
PeekConsoleInputA
CreateWaitableTimerW
CreateMemoryResourceNotification
FindActCtxSectionStringW
GetConsoleScreenBufferInfo
EnumResourceNamesW
DeleteFileW
GetBinaryTypeA
GetConsoleCursorInfo
GetConsoleTitleW
FindFirstVolumeA
UnlockFile
VirtualAlloc
GetFileAttributesW
GetSystemWindowsDirectoryA
InterlockedExchange
GetConsoleWindow
CompareStringW
Heap32ListFirst
TransactNamedPipe
SetThreadPriority
DeleteAtom
LeaveCriticalSection
WaitForSingleObject
RequestDeviceWakeup
OutputDebugStringA

softpub

SoftpubLoadSignature
OfficeCleanupPolicy
SoftpubLoadDefUsageCallData
SoftpubAuthenticode
SoftpubFreeDefUsageCallData
DriverFinalPolicy
SoftpubDumpStructure
HTTPSFinalProv
OfficeInitializePolicy
HTTPSCertificateTrust
DriverCleanupPolicy
SoftpubDefCertInit
GenericChainCertificateTrust
AddPersonalTrustDBPages
SoftpubLoadMessage
SoftpubInitialize
FindCertsByIssuer
OpenPersonalTrustDBDialog
SoftpubCheckCert
GenericChainFinalProv
SoftpubCleanup
DriverInitializePolicy

regapi

RegUserConfigSet
RegWinStationQueryW
RegGetMachinePolicyEx
RegCdDeleteA
RegDenyTSConnectionsPolicy
RegWinStationCreateW
RegWinStationSetNumValueW
RegCdDeleteW
RegWdEnumerateW
RegGetUserConfigFromUserParameters
RegDefaultUserConfigQueryW
RegWinStationSetSecurityW
RegGetUserPolicy
RegOpenServerW
RegIsTServer
RegWinStationQueryEx
RegWinStationEnumerateW
RegQueryOEMId
RegFreeUtilityCommandList
RegPdEnumerateA
RegPdCreateA
RegWdQueryA
RegIsMachinePolicyAllowHelp
RegWinStationQuerySecurityW
RegPdQueryW
RegDefaultUserConfigQueryA
RegGetMachinePolicy
RegWinStationQueryNumValueW
RegWdCreateA
RegBuildNumberQuery
RegWinStationSetSecurityA
RegConsoleShadowQueryW
RegWinStationQueryValueW
RegOpenServerA
RegPdDeleteW
WaitForTSConnectionsPolicyChanges
RegUserConfigDelete
RegCdCreateW
RegWinStationAccessCheck
RegWinStationQueryA

winsta

_WinStationNotifyLogon
_NWLogonSetAdmin
ServerLicensingLoadPolicy
WinStationOpenServerA
_WinStationNotifyNewSession
WinStationSetPoolCount
WinStationVirtualOpen
WinStationSetInformationA
WinStationGetLanAdapterNameW
_WinStationUpdateClientCachedCredentials
WinStationEnumerateA
_WinStationBeepOpen
WinStationConnectW
_WinStationUpdateUserConfig
_WinStationReadRegistry
WinStationGetProcessSid
WinStationGetMachinePolicy
WinStationCloseServer
_WinStationNotifyLogoff
WinStationShutdownSystem
WinStationQueryInformationW
WinStationNameFromLogonIdW
ServerLicensingGetPolicyInformationA
WinStationEnumerateProcesses
_WinStationNotifyDisconnectPipe
_WinStationGetApplicationInfo
WinStationNtsdDebug
WinStationNameFromLogonIdA
ServerQueryInetConnectorInformationW
LogonIdFromWinStationNameW
WinStationDisconnect
WinStationConnectCallback
WinStationRemoveLicense
WinStationEnumerate_IndexedA
ServerLicensingFreePolicyInformation
ServerLicensingOpenW
WinStationServerPing
WinStationCheckLoopBack
WinStationRegisterConsoleNotification
ServerLicensingGetAvailablePolicyIds

atmlib

ATMGetFontInfo
ATMGetBuildStr
ATMGetOutlineA
ATMSetFlags
ATMForceFontChange
ATMGetNtmFieldsW
ATMFontAvailableA
ATMAddFontExW
ATMSelectObject
ATMGetFontInfoW
ATMAddFontExA
ATMXYShowTextA
ATMFontAvailableW
ATMRemoveFont
ATMGetNtmFieldsA
ATMGetPostScriptNameA
ATMMakePSSW
ATMFinish
ATMGetVersionExA
ATMAddFont
ATMGetFontBBox
ATMGetVersion
ATMRemoveSubstFontW
ATMGetOutline
ATMAddFontA
ATMGetMenuNameA
ATMGetNtmFields
ATMGetPostScriptName
ATMMakePSS
ATMGetMenuName
ATMEnumFontsW
ATMFontStatusA
ATMAddFontW
ATMGetFontInfoA
ATMGetBuildStrA
ATMGetFontPathsA
ATMGetOutlineW
ATMEnumFonts
ATMXYShowText

Sections

.text
Size: 37KB - Virtual size: 37KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 7KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 1024B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

d69bbcf8ece96f9b5d10e544b87011a5

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

softpub

regapi

winsta

atmlib

Sections

.text Size: 37KB - Virtual size: 37KB

.rdata Size: 7KB - Virtual size: 7KB

.data Size: 1KB - Virtual size: 16KB

.rsrc Size: 3KB - Virtual size: 3KB

.reloc Size: 1024B - Virtual size: 1024B

.text
Size: 37KB - Virtual size: 37KB

.rdata
Size: 7KB - Virtual size: 7KB

.data
Size: 1KB - Virtual size: 16KB

.rsrc
Size: 3KB - Virtual size: 3KB

.reloc
Size: 1024B - Virtual size: 1024B