87ebcc681d9018ec1f6fb1958743a6b1_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

87ebcc681d9018ec1f6fb1958743a6b1_JaffaCakes118
Size

255KB
MD5

87ebcc681d9018ec1f6fb1958743a6b1
SHA1

5b6a0f77ca333d6e8e621cb1477a3475e406b02d
SHA256

dfc959e8684ce11f9dafd16986f0d05d2a9e3c03da55172dacd175be216a5db4
SHA512

2ed6cef44c24e815cde53d754baa765585bc3c4225f57888c2ee6bbd4d92cd42457ba0af48102d07c8c20f9b1f5512a912989d6f5eba71c3854531076c7ed134
SSDEEP

3072:n0VC2gLy9ML+WhzIU4tNe157PwqLqn3Wi8mUUt+COaLH1DsG0SKW3WVJA7cw3/7m:xjErtNe/ss+GPmd+Na/Yy9v74R3bB

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
87ebcc681d9018ec1f6fb1958743a6b1_JaffaCakes118

Files

87ebcc681d9018ec1f6fb1958743a6b1_JaffaCakes118
.exe windows:4 windows x86 arch:x86

1fcd465dcde3a4b23d671101cf8d583f

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

user32

GetSystemMetrics
EnumWindows
PostMessageW
GetDesktopWindow
GetWindowThreadProcessId

rpcrt4

UuidToStringW
RpcStringFreeW
UuidCreate

oleaut32

VariantInit
SysStringLen
VarBstrCat
VariantClear
SysAllocStringLen
SysAllocString
SysStringByteLen
SysAllocStringByteLen
SysFreeString

psapi

GetModuleBaseNameW

ole32

StringFromGUID2
CoCreateInstance

kernel32

GetCurrentThreadId
HeapSize
FindResourceExW
WaitForSingleObject
CreateProcessW
LeaveCriticalSection
GetSystemTime
FileTimeToSystemTime
CreateIoCompletionPort
UnhandledExceptionFilter
FindResourceW
GlobalFree
IsDebuggerPresent
lstrlenA
HeapDestroy
WaitForMultipleObjects
LocalAlloc
WideCharToMultiByte
FormatMessageW
HeapFree
SetUnhandledExceptionFilter
EnterCriticalSection
RaiseException
SizeofResource
SystemTimeToFileTime
LoadLibraryExW
CloseHandle
GetQueuedCompletionStatus
WTSGetActiveConsoleSessionId
FreeLibrary
HeapReAlloc
GetComputerNameExW
CompareFileTime
LocalFree
LockResource
ExpandEnvironmentStringsW
HeapAlloc
GetSystemTimeAsFileTime
OpenProcess
lstrlenW
PostQueuedCompletionStatus
GetProcessHeap
DeleteCriticalSection
CreateFileW
LoadResource
VirtualAllocEx

esent

JetFreeBuffer
JetIntersectIndexes
JetDelete
JetEscrowUpdate
JetGrowDatabase
JetGetLogInfoInstance
JetGetInstanceInfo
JetGetCursorInfo
JetAttachDatabaseWithStreaming
JetSnapshotStart
JetGetLogInfoInstance2
JetMove

qedit

DllCanUnloadNow
DllRegisterServer

Sections

.XmgFYrO
Size: 2KB - Virtual size: 37KB

IMAGE_SCN_MEM_READ

.text
Size: 18KB - Virtual size: 18KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.uMxUx
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.BBAMT
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.xJLvY
Size: 1024B - Virtual size: 826B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.CouTKB
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 6KB - Virtual size: 237KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.OSQZEz
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 208KB - Virtual size: 207KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.WAkML
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.tXAQwW
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.tNBKN
Size: 1024B - Virtual size: 514B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.FJjdss
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

1fcd465dcde3a4b23d671101cf8d583f

Headers

DLL Characteristics

File Characteristics

Imports

user32

rpcrt4

oleaut32

psapi

ole32

kernel32

esent

qedit

Sections

.XmgFYrO Size: 2KB - Virtual size: 37KB

.text Size: 18KB - Virtual size: 18KB

.uMxUx Size: 1KB - Virtual size: 1KB

.BBAMT Size: 2KB - Virtual size: 2KB

.xJLvY Size: 1024B - Virtual size: 826B

.CouTKB Size: 3KB - Virtual size: 2KB

.data Size: 6KB - Virtual size: 237KB

.OSQZEz Size: 2KB - Virtual size: 1KB

.rdata Size: 208KB - Virtual size: 207KB

.WAkML Size: 2KB - Virtual size: 2KB

.tXAQwW Size: 2KB - Virtual size: 2KB

.tNBKN Size: 1024B - Virtual size: 514B

.rsrc Size: 1KB - Virtual size: 1KB

.FJjdss Size: 1KB - Virtual size: 1KB

.XmgFYrO
Size: 2KB - Virtual size: 37KB

.text
Size: 18KB - Virtual size: 18KB

.uMxUx
Size: 1KB - Virtual size: 1KB

.BBAMT
Size: 2KB - Virtual size: 2KB

.xJLvY
Size: 1024B - Virtual size: 826B

.CouTKB
Size: 3KB - Virtual size: 2KB

.data
Size: 6KB - Virtual size: 237KB

.OSQZEz
Size: 2KB - Virtual size: 1KB

.rdata
Size: 208KB - Virtual size: 207KB

.WAkML
Size: 2KB - Virtual size: 2KB

.tXAQwW
Size: 2KB - Virtual size: 2KB

.tNBKN
Size: 1024B - Virtual size: 514B

.rsrc
Size: 1KB - Virtual size: 1KB

.FJjdss
Size: 1KB - Virtual size: 1KB