754a8b92a8a89c299bde134894a32299_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

754a8b92a8a89c299bde134894a32299_JaffaCakes118
Size

65KB
MD5

754a8b92a8a89c299bde134894a32299
SHA1

5e60fd39c315bbbeefc6f188afae0ba1e8c9d0fe
SHA256

160428546dc99e35ad5a99ffc833c9a355b34a860f6c09d7e1d755c61b43d21b
SHA512

ff703e378d2d55b539d83cbdf12e3ee732a2653aa681405b27f46497bb18eac5db73e22f996dd928387467d6c2404b677179426273399ec92e1856994799ca04
SSDEEP

1536:RM2QNLHzlmn7Z5/FcS3kNmAcPoBzkRJE+uH9twiUcR:C2QpzQP2wTE+E/9tw6R

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
754a8b92a8a89c299bde134894a32299_JaffaCakes118

Files

754a8b92a8a89c299bde134894a32299_JaffaCakes118
.exe windows:4 windows x86 arch:x86

3a5582037903bf8ed83b7acf65cd543c

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

FindNextVolumeA
FindNextVolumeW
GetTempPathA
GetConsoleAliasExesLengthA
SetConsoleKeyShortcuts
CancelWaitableTimer
SetVolumeMountPointA
HeapLock
_lclose
EnumResourceLanguagesA
SetVolumeLabelA
SetVolumeLabelW
GetFileSizeEx
WriteConsoleOutputAttribute
GetThreadTimes
VirtualAlloc

dhcpcsvc

DhcpUndoRequestParams

odbc32

SQLPutData
SQLParamData

crypt32

CertFreeCertificateContext

user32

CharUpperA
SendMessageTimeoutA
AppendMenuA
GetShellWindow
GetInputState
GetTabbedTextExtentA
ChangeDisplaySettingsA
UnionRect
GetMonitorInfoA
RegisterSystemThread
CloseWindow
LoadKeyboardLayoutEx
GetWindowInfo
GetUpdateRgn
ShowOwnedPopups
ShowWindow
MessageBoxExA
GetThreadDesktop
ClientThreadSetup
UnloadKeyboardLayout
ReleaseDC
DrawMenuBarTemp
CreateDialogIndirectParamA

authz

AuthzOpenObjectAudit

d3d8

DebugSetMute

advapi32

AddAuditAccessAceEx
AddAuditAccessAce

Exports

Exports

Aqtbrmjhtd
Odexbuj
BeginRdghhxdc
Feyepylnvpw
ReadGsjijhfhgx
Xropibgpu
BeginFeapmvurcqp
ReadOtpmivfddp
EndWyvoswp
CloseYjtlnmfp
Udjddup
Nweqswmbkd
SetJuaabmu
WriteGfmkvaun
Euvohwk
ReadSxotbhrbo
Qsvbjcbwuvg
InitHshchbtx

Sections

.text
Size: 41KB - Virtual size: 40KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 600B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 19KB - Virtual size: 124KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.edata
Size: 512B - Virtual size: 464B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 868B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

3a5582037903bf8ed83b7acf65cd543c

Headers

File Characteristics

Imports

kernel32

dhcpcsvc

odbc32

crypt32

user32

authz

d3d8

advapi32

Exports

Exports

Sections

.text Size: 41KB - Virtual size: 40KB

.data Size: 1024B - Virtual size: 600B

.rdata Size: 19KB - Virtual size: 124KB

.edata Size: 512B - Virtual size: 464B

.idata Size: 1KB - Virtual size: 1KB

.rsrc Size: 1024B - Virtual size: 868B

.text
Size: 41KB - Virtual size: 40KB

.data
Size: 1024B - Virtual size: 600B

.rdata
Size: 19KB - Virtual size: 124KB

.edata
Size: 512B - Virtual size: 464B

.idata
Size: 1KB - Virtual size: 1KB

.rsrc
Size: 1024B - Virtual size: 868B