94851e008db7b6067b787b98e549ac34_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

94851e008db7b6067b787b98e549ac34_JaffaCakes118
Size

19KB
MD5

94851e008db7b6067b787b98e549ac34
SHA1

4a5a0b7add264744bc1b01221a2301cab8032943
SHA256

544cdc468aaf23e150085fecd44b6bb67fbb9265ec37e01abc4e51550ddcaeb8
SHA512

1d99df04228c4c4728af188d63d9d53f061c0512ab0685dc73ff5c203931d4db366c031df7efab2e5a46be24854b8ef7f5eaff5908ec2289914d86f86d2d4ae7
SSDEEP

384:VTCZTuS30w0Ry/eicuefIHAhyQxpTsOH66wbGE4+af6CrLdd:V6350ROJWIOyQ/sy66MM+afJr

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
94851e008db7b6067b787b98e549ac34_JaffaCakes118

Files

94851e008db7b6067b787b98e549ac34_JaffaCakes118
.exe windows:4 windows x86 arch:x86

72934eaabb4f0618a856513dd8d0551b

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

ntdll

RtlInitUnicodeString
RtlCompareUnicodeString

netapi32

DsGetDcNameW
NetServerGetInfo
NetUserModalsGet
DsRoleGetPrimaryDomainInformation
DsRoleFreeMemory
NetApiBufferFree

ole32

CoTaskMemAlloc
ReleaseStgMedium
CreateStreamOnHGlobal
CoUninitialize
CoCreateInstance
CoTaskMemFree
StringFromGUID2
GetHGlobalFromStream
StringFromCLSID
CoInitialize

kernel32

InterlockedIncrement
UnhandledExceptionFilter
GetModuleHandleW
Sleep
GlobalLock
SetUnhandledExceptionFilter
GetLastError
GetCurrentProcess
CompareStringW
GetModuleFileNameW
GlobalFree
LoadLibraryA
InterlockedDecrement
GlobalAlloc
GetProcAddress
LoadLibraryW
GetVersionExW
CompareFileTime
GetComputerNameW
GlobalUnlock
MultiByteToWideChar
lstrcpynW
IsBadWritePtr
LocalAlloc
lstrlenW
GetCurrentProcessId
GetVersion
GetCurrentThreadId
TerminateProcess
GetSystemTimeAsFileTime
FormatMessageW
CloseHandle
DeleteCriticalSection
GetFileAttributesW
FreeConsole
GetWindowsDirectoryW
VirtualAlloc
SetLastError
GetTickCount
GetModuleHandleA
WideCharToMultiByte
OutputDebugStringA
IsBadStringPtrW
GetSystemWindowsDirectoryW
lstrcmpiW
QueryPerformanceCounter
LocalFree

crypt32

CryptFindOIDInfo
CryptEncodeObject
CryptDecodeObject
CryptFormatObject
CryptEnumOIDInfo

msvcrt

_adjust_fdiv
wcscmp
strncmp
_except_handler3
strstr
_initterm
free
wcsstr
mbstowcs
__dllonexit
wcsncpy
_wcsicmp
wcscpy
_wcsnicmp
wcslen
_stricmp
malloc
__RTDynamicCast
wcschr
_ultow
_purecall
_onexit
_CxxThrowException
strspn
atoi
iswspace
__CxxFrameHandler

shell32

ShellExecuteW

user32

EnableWindow
GetDlgCtrlID
OpenClipboard
LoadStringW
LoadMenuW
LoadIconW
SetClipboardData
WinHelpW
EmptyClipboard
MessageBoxW
UnhookWindowsHookEx
PostMessageW
SetWindowLongW
GetWindowLongW
InsertMenuItemW
SendMessageW
RegisterClipboardFormatW
GetDlgItem
GetParent
ChildWindowFromPointEx
SetWindowsHookExW
CallNextHookEx
GetSubMenu
CloseClipboard
ScreenToClient
LoadBitmapW

certcli

CAGetCertTypeExtensions
CAGetCertTypeExpiration
CACertTypeSetSecurity
CAInstallDefaultCertType
CAGetCertTypeKeySpec
CAOIDAdd
CAFindCertTypeByName
CAOIDCreateNew
CAGetCertTypePropertyEx
CAFreeCertTypeExtensions
CAGetCertTypeProperty
CASetCertTypeKeySpec
CASetCertTypePropertyEx
CAIsCertTypeCurrent
CACloseCertType
CAOIDFreeProperty
CAOIDDelete
CASetCertTypeFlagsEx
CASetCertTypeExpiration
CACloneCertType
CACertTypeGetSecurity
CAOIDGetProperty
CAFreeCertTypeProperty
CAGetCertTypeFlagsEx
CAUpdateCertType
CASetCertTypeExtension
CAOIDSetProperty
CADeleteCertType

usp10

ScriptGetFontProperties

Sections

.rdata
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.text
Size: 512B - Virtual size: 432B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.idata
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: - Virtual size: 144KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 20KB - Virtual size: 19KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

72934eaabb4f0618a856513dd8d0551b

Headers

File Characteristics

Imports

ntdll

netapi32

ole32

kernel32

crypt32

msvcrt

shell32

user32

certcli

usp10

Sections

.rdata Size: 8KB - Virtual size: 7KB

.text Size: 512B - Virtual size: 432B

.idata Size: 5KB - Virtual size: 4KB

.data Size: - Virtual size: 144KB

.rsrc Size: 20KB - Virtual size: 19KB

.rdata
Size: 8KB - Virtual size: 7KB

.text
Size: 512B - Virtual size: 432B

.idata
Size: 5KB - Virtual size: 4KB

.data
Size: - Virtual size: 144KB

.rsrc
Size: 20KB - Virtual size: 19KB