a0210df9ead6b6f71dec2dabc50c9bfa_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

a0210df9ead6b6f71dec2dabc50c9bfa_JaffaCakes118
Size

23KB
MD5

a0210df9ead6b6f71dec2dabc50c9bfa
SHA1

e6dfbcba458bb9293cdcafea0ab0b50fa0a7f5c2
SHA256

17a95122dd525e956a564b5c24d49b9be2e8490d0ccc42f74b6bb549b66e1ae5
SHA512

a70fdcc55890180351c06b1c25d39852700427445efd6f2a9125e1de12cb62da30847a6d2b9141cbcab69b5c092c131ed87747296e31e8f4b92b4c651d5ea753
SSDEEP

384:XH1tupWVIY0MvtTBTyB/Nx56V0CUOhpPMQ6T1RM+KzmchWg9PcjjjW/KR3K:XuIietTB+B/N76V0C3PMQ6TbMJzQgNvF

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
a0210df9ead6b6f71dec2dabc50c9bfa_JaffaCakes118

Files

a0210df9ead6b6f71dec2dabc50c9bfa_JaffaCakes118
.exe windows:5 windows x86 arch:x86

d25931ebf8f1579eed40e513d52e7d80

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

atmlib

ATMFontStatus
ATMGetFontPaths
ATMEndFontChange
ATMGetGlyphList
ATMGetPostScriptNameW
ATMGetMenuName
ATMClient
ATMBBoxBaseXYShowText
ATMEnumFontsW
ATMEnumMMFonts
ATMEnumMMFontsW
ATMAddFontExA
ATMBBoxBaseXYShowTextW
ATMFinish

hhsetup

?SetNextTitle@CTitle@@QAEXPAV1@@Z
?DeleteLocation@CCollection@@AAEKPAVCLocation@@@Z
?GetLanguage@CFolder@@QAEGXZ
??4CPointerList@@QAEAAV0@ABV0@@Z
?FindTitle@CCollection@@QAEPAVCTitle@@PBDG@Z
?GetMasterCHM@CCollection@@QAEHPAPADPAG@Z
?AllocCopyValue@CCollection@@AAEKPAVCParseXML@@PADPAPAD@Z
?SetPath@CLocation@@QAEXPBD@Z
?DeleteTitle@CCollection@@AAEKPAVCTitle@@@Z
?GetIdW@CTitle@@QAEPBGXZ
?Save@CCollection@@QAEKXZ
?GetId@CLocation@@QBEPADXZ
?AddRef@CCollection@@QAEXXZ
?DeleteFolders@CCollection@@AAEXPAPAVCFolder@@@Z
?Open@CCollection@@QAEKPBG@Z

kernel32

RequestDeviceWakeup
QueryPerformanceCounter
ReplaceFileA
FindFirstChangeNotificationA
GetCurrentThreadId
GetComputerNameExW
GetCommTimeouts
GetPrivateProfileStructA
MapViewOfFileEx
VirtualAlloc
GetCurrentProcessId
GetModuleHandleExW
GetSystemDefaultLangID
RtlZeroMemory
GetCommConfig
GetConsoleNlsMode
GetLocalTime
GetExitCodeThread
GetTickCount

spoolss

EnumFormsW
DeletePrintProvidorW
GetPrinterDriverW
RouterAllocBidiResponseContainer
GetJobW
AddJobW
ClosePrinter
DeletePrinterDriverW
RouterFindNextPrinterChangeNotification
AddMonitorW
MarshallDownStructuresArray
DllFreeSplMem
EnumPrinterDriversW
GetPrinterW

polstore

IPSecGetFilterData
IPSecFreePolicyData
IPSecSetISAKMPData
IPSecFreeMulFilterData
IPSecFreeMulNFAData
IPSecFreeMulNegPolData
IPSecFreeNFAData
IPSecCreatePolicyData
IPSecUnassignPolicy
IPSecSetPolicyData
IPSecExportPolicies
IPSecEnumISAKMPData
IPSecCopyISAKMPData

opengl32

glTexCoord4sv
glClearAccum
glRasterPos3s
glEdgeFlagv
glNormalPointer
glArrayElement
glVertex3dv
glLightModelfv
glTexSubImage1D
glRasterPos2sv
glTexCoord4d
glTexCoord4fv
glClearColor
glTranslatef
glMaterialiv

Sections

.text
Size: 17KB - Virtual size: 16KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1024B - Virtual size: 651B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

d25931ebf8f1579eed40e513d52e7d80

Headers

DLL Characteristics

File Characteristics

Imports

atmlib

hhsetup

kernel32

spoolss

polstore

opengl32

Sections

.text Size: 17KB - Virtual size: 16KB

.rdata Size: 1024B - Virtual size: 651B

.data Size: 512B - Virtual size: 2KB

.rsrc Size: 4KB - Virtual size: 3KB

.text
Size: 17KB - Virtual size: 16KB

.rdata
Size: 1024B - Virtual size: 651B

.data
Size: 512B - Virtual size: 2KB

.rsrc
Size: 4KB - Virtual size: 3KB