6adc376feec246149da4853641ba7103_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

6adc376feec246149da4853641ba7103_JaffaCakes118
Size

15KB
MD5

6adc376feec246149da4853641ba7103
SHA1

3a11bc76c5e0a773ae49d9a40b036b47ac401978
SHA256

aab54462909f1d92feba94d5b3400abacd174af2407bccd183e0449383df7ea7
SHA512

971af7bc597d5bf14e41f05b175982bd8d854859453c476d2e6c4275085bc1abbc351c3a63900ae1bdefb203b0b283d4c70ffe65a4ca6cb8e19047b8873329c7
SSDEEP

192:VZce+verFcetI3CW6/FhTTLvewnPPuarUF5wBfvTy3qczTpcizexPwhq7:VZoYFnI3CW6NhTBUF5ifW3FTdU1

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
6adc376feec246149da4853641ba7103_JaffaCakes118

Files

6adc376feec246149da4853641ba7103_JaffaCakes118
.exe windows:5 windows x86 arch:x86

17efbe149bd66984deddacdc20981586

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GlobalAddAtomW
GlobalFlags
GlobalSize
Heap32Next
HeapCompact
HeapLock
InitializeCriticalSectionAndSpinCount
IsBadCodePtr
LeaveCriticalSection
LocalAlloc
LockResource
MapViewOfFile
MapViewOfFileEx
OutputDebugStringW
PeekConsoleInputA
PrepareTape
Process32NextW
QueryPerformanceFrequency
ReadConsoleOutputA
ReadConsoleOutputCharacterA
ReleaseMutex
ScrollConsoleScreenBufferA
SetComputerNameExW
SetConsoleTitleW
SetEvent
GetWindowsDirectoryA
SetFilePointer
SetLocaleInfoW
SetNamedPipeHandleState
SetPriorityClass
SetThreadContext
SetTimeZoneInformation
SetTimerQueueTimer
SetupComm
SwitchToFiber
SystemTimeToFileTime
TerminateJobObject
TlsFree
TransmitCommChar
VerLanguageNameW
WaitForDebugEvent
WriteConsoleOutputCharacterW
WriteConsoleOutputW
WriteTapemark
_lclose
_lopen
lstrcatW
lstrcmp
lstrcmpW
lstrcpyA
GetVersion
GetThreadTimes
GetSystemTimeAsFileTime
GetSystemTime
GetSystemDefaultLangID
GetStringTypeW
GetStringTypeExW
GetProcessVersion
GetPrivateProfileStructA
GetPrivateProfileStringA
GetPrivateProfileSectionNamesA
GetPrivateProfileIntA
GetLocaleInfoW
GetLocaleInfoA
GetLargestConsoleWindowSize
GetFileTime
GetCurrentProcessId
GetCurrentProcess
GetCurrencyFormatA
GetConsoleAliasW
GetModuleHandleA
GetComputerNameW
GetAtomNameA
FormatMessageW
FindNextVolumeMountPointA
FillConsoleOutputAttribute
FatalExit
EnumUILanguagesW
EnumUILanguagesA
EnumSystemCodePagesA
EnumResourceTypesA
EnumDateFormatsExA
EnumCalendarInfoExA
DebugBreak
CreateProcessW
CreateJobObjectA
CreateEventA
CopyFileExW
ClearCommError
BuildCommDCBW
GetProcAddress
SetFileApisToOEM

msvcrt

memset

advapi32

RegOpenKeyExA

oleaut32

VarBstrFromCy
VarBstrFromDate
VarBstrFromR8
VarBstrFromUI2
VarCyCmpR8
VarCyFromI2
VarCyFromI4
VarCyFromR8
VarCyNeg
VarDateFromI1
VarDateFromUdate
VarDecCmp
VarDecFromI1
VarDecNeg
VarDecRound
VarI1FromCy
VarI1FromDisp
VarI2FromCy
VarI2FromR4
VarI2FromStr
VarI2FromUI1
VarI4FromI2
VarI4FromUI2
VarI4FromUI4
VarInt
VarPow
VarR4FromCy
VarR4FromDec
VarR4FromI1
VarR8FromBool
VarR8FromCy
VarR8FromDisp
VarR8FromStr
VarR8FromUI1
VarUI1FromCy
VarUI1FromDec
VarUI1FromR8
VarUI1FromUI4
VarUI2FromDate
VarUI2FromDisp
VarUI2FromI2
VarUI2FromI4
VarUI2FromStr
VarUI2FromUI1
VarUI4FromBool
VarUI4FromCy
VarUI4FromUI1
VarUdateFromDate
VariantChangeTypeEx
VariantInit
VariantTimeToSystemTime
VarBstrCmp
VarBstrCat
VarBoolFromUI2
VarBoolFromI1
VarBoolFromDisp
VarBoolFromDec
VARIANT_UserSize
UnRegisterTypeLi
SysStringLen
SysAllocString
SetErrorInfo
SafeArrayUnaccessData
SafeArraySetIID
SafeArrayRedim
SafeArrayPutElement
SafeArrayGetVartype
SafeArrayDestroyDescriptor
SafeArrayCopyData
SafeArrayCopy
SafeArrayAllocDescriptor
RevokeActiveObject
OleTranslateColor
OleLoadPicture
OleIconToCursor
OleCreatePictureIndirect
OleCreateFontIndirect
LoadTypeLibEx
LPSAFEARRAY_UserMarshal
GetRecordInfoFromTypeInfo
GetErrorInfo
GetAltMonthNames
DispInvoke
DispCallFunc
BstrFromVector
BSTR_UserUnmarshal
BSTR_UserMarshal
BSTR_UserFree
QueryPathOfRegTypeLi

imm32

ImmDestroyContext
ImmDestroySoftKeyboard
ImmDisableIME
ImmEnumRegisterWordW
ImmGenerateMessage
ImmGetCandidateListA
ImmGetCandidateListCountA
ImmGetCandidateListW
ImmGetCandidateWindow
ImmGetCompositionFontA
ImmGetConversionListA
ImmGetConversionStatus
ImmGetDescriptionW
ImmGetHotKey
ImmGetIMCCLockCount
ImmGetIMCLockCount
ImmGetIMEFileNameA
ImmCreateContext
ImmGetImeMenuItemsW
ImmGetRegisterWordStyleA
ImmGetVirtualKey
ImmInstallIMEA
ImmIsUIMessageW
ImmLockIMC
ImmNotifyIME
ImmRegisterWordA
ImmRegisterWordW
ImmReleaseContext
ImmRequestMessageW
ImmSetCandidateWindow
ImmSetCompositionFontA
ImmSetCompositionFontW
ImmSetCompositionStringA
ImmSetCompositionStringW
ImmSetConversionStatus
ImmGetImeMenuItemsA
ImmSetOpenStatus
ImmUnregisterWordW
ImmAssociateContext

Sections

.text
Size: 6KB - Virtual size: 5KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.text2
Size: 7KB - Virtual size: 7KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 180B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.text4
Size: 1024B - Virtual size: 1000B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.text3
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

17efbe149bd66984deddacdc20981586

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

msvcrt

advapi32

oleaut32

imm32

Sections

.text Size: 6KB - Virtual size: 5KB

.text2 Size: 7KB - Virtual size: 7KB

.data Size: 512B - Virtual size: 180B

.text4 Size: 1024B - Virtual size: 1000B

.text3 Size: 2KB - Virtual size: 1KB

.rsrc Size: 3KB - Virtual size: 2KB

.text
Size: 6KB - Virtual size: 5KB

.text2
Size: 7KB - Virtual size: 7KB

.data
Size: 512B - Virtual size: 180B

.text4
Size: 1024B - Virtual size: 1000B

.text3
Size: 2KB - Virtual size: 1KB

.rsrc
Size: 3KB - Virtual size: 2KB