7740b9a71352bfbe7f4e8de4ba87fcdf_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

7740b9a71352bfbe7f4e8de4ba87fcdf_JaffaCakes118
Size

244KB
MD5

7740b9a71352bfbe7f4e8de4ba87fcdf
SHA1

3fa367d9d1c684274010928d3e222a42674f7cf1
SHA256

2e9e032e0621efdb1750f44fa2254ce27762dea8da26032dd20d3029f3599e30
SHA512

eb381b1257a3e80137f7113fa62c6e6609a23a25fb5186990412f1e71db8623103ce78196a1aa4204558054c66eb3b24e2cdf1c7fd9efb8a2886440834daab2f
SSDEEP

6144:sS8KAOzh5cB17+9dRGmrV6ZBEASKDxVK:sSoBwxGmr4Zi96

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
7740b9a71352bfbe7f4e8de4ba87fcdf_JaffaCakes118

Files

7740b9a71352bfbe7f4e8de4ba87fcdf_JaffaCakes118
.exe windows:4 windows x86 arch:x86

628e29091433a39d8121e10ff403db03

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

OpenMutexA
SetEnvironmentVariableA
InterlockedIncrement
LoadLibraryA
FindAtomW
GetCurrentProcessId
FindNextVolumeW
SetErrorMode
MapViewOfFile
SetNamedPipeHandleState
GetCurrentThreadId
GetExitCodeThread
ExitProcess
FindAtomA
CloseHandle
ReadConsoleOutputW
VirtualAlloc
VirtualProtect
Sleep
SetMailslotInfo
AreFileApisANSI

wmi

WmiCloseBlock
WmiNotificationRegistrationW
WmiOpenBlock
WmiSetSingleInstanceW
WmiQuerySingleInstanceW
WmiQueryAllDataW

dhcpsapi

DhcpGetVersion
DhcpSetSubnetInfo
DhcpSetMScopeInfo
DhcpScanMDatabase
DhcpDeleteServer
DhcpGetServerBindingInfo
DhcpGetClientInfoV4
DhcpEnumSubnets
DhcpGetAllOptions
DhcpAddMScopeElement

gdi32

ExtTextOutW
CreateEnhMetaFileW
PolyBezierTo
GdiSetLastError
CreateRoundRectRgn
CopyEnhMetaFileA
GetClipRgn
SetWinMetaFileBits
CreateFontA
GetCharABCWidthsFloatW
SetArcDirection
GetTextCharset

Sections

.text
Size: 14KB - Virtual size: 13KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.edata
Size: 512B - Virtual size: 33KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.orpc
Size: 70KB - Virtual size: 149KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.textbs
Size: 65KB - Virtual size: 148KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

DATA
Size: 76KB - Virtual size: 170KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 17KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

628e29091433a39d8121e10ff403db03

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

wmi

dhcpsapi

gdi32

Sections

.text Size: 14KB - Virtual size: 13KB

.edata Size: 512B - Virtual size: 33KB

.orpc Size: 70KB - Virtual size: 149KB

.textbs Size: 65KB - Virtual size: 148KB

DATA Size: 76KB - Virtual size: 170KB

.rsrc Size: 17KB - Virtual size: 16KB

.text
Size: 14KB - Virtual size: 13KB

.edata
Size: 512B - Virtual size: 33KB

.orpc
Size: 70KB - Virtual size: 149KB

.textbs
Size: 65KB - Virtual size: 148KB

DATA
Size: 76KB - Virtual size: 170KB

.rsrc
Size: 17KB - Virtual size: 16KB