a4995f38631743f8e613d49d37a818a2_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

a4995f38631743f8e613d49d37a818a2_JaffaCakes118
Size

1.2MB
MD5

a4995f38631743f8e613d49d37a818a2
SHA1

8d7f80409ba5c5186bd77d7cbaeb360c2170288a
SHA256

912319ca0710e78846d792264e67013b880dae0633fc80852f07e035cbd3d02f
SHA512

68ef8abe498b209d1e50c08b480562a9a2ad5fcee7dd50d931c9cd6dabce9e55b76f7ddd0d36a52107b7af7038ccb442e9b39c76db1e1f2f86b4376e0e7616db
SSDEEP

24576:3LfBWVm+fmqagKw3FnS5MPL7IQRZJ4hKfy+k0E3fLCoPr77Tym44:bfBWKvWKqzR8gU3/PrHGR4

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
a4995f38631743f8e613d49d37a818a2_JaffaCakes118

Files

a4995f38631743f8e613d49d37a818a2_JaffaCakes118
.exe windows:7 windows x86 arch:x86

bd5b56cb7a57856203b6c18ae04bdc8a

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED

Imports

setupapi

SetupFindNextLine

netapi32

NetApiBufferFree
NetShareGetInfo

comctl32

ImageList_GetIcon
DestroyPropertySheetPage
InitCommonControlsEx

ntdll

NtSetQuotaInformationFile
isdigit
NtQueryQuotaInformationFile
wcscspn

kernel32

GetCurrentThread
GetTapeParameters
FindClose
CreateThread
GetLastError
DeviceIoControl
GetModuleHandleA
EraseTape
VirtualAlloc
OpenMutexA
SetErrorMode
SetEndOfFile
SetFileTime
ReleaseMutex
ReleaseSemaphore
LoadLibraryA
HeapAlloc
SystemTimeToFileTime
SetTapePosition
CloseHandle
GlobalFree
SetTapeParameters
ReadFile
GetProcessHeap
TerminateThread
FileTimeToSystemTime
GetVersion
GetExitCodeThread
LockFile
WriteTapemark
LoadResource
GetCurrentThreadId
FileTimeToLocalFileTime
BackupWrite
HeapQueryInformation
GetCurrentProcessId
CreateMutexA
VerSetConditionMask

user32

RegisterClassExA
BringWindowToTop
FlashWindow
DefWindowProcA
ClientToScreen
UpdateWindow
LockSetForegroundWindow
DestroyWindow
GetClientRect
SetParent
GetMessageA
TranslateMessage
GetWindowRect
EnableWindow
GetSubMenu
GetDC
DispatchMessageA
DrawFocusRect
GetNextDlgGroupItem
EnableMenuItem
PostQuitMessage
GetActiveWindow
InvalidateRect
SendMessageA
GetKeyState
GetDesktopWindow
SetTimer
CreateWindowExA
KillTimer
IsIconic
ShowWindow

gdi32

CreateBitmap
CreateCompatibleDC
Rectangle
DeleteObject
SelectObject

mpr

WNetCloseEnum

shell32

SHGetDesktopFolder

advapi32

InitializeSecurityDescriptor
RegQueryValueExA
AdjustTokenPrivileges
QueryServiceStatus
AddAccessAllowedAce
DeleteAce
OpenThreadToken

msvcrt

_fdopen
_open_osfhandle
fclose
_errno
_snwprintf
fread
wprintf
_c_exit
wcscmp
_local_unwind2
_adjust_fdiv
_wcmdln
_except_handler3
_exit
ftell
mktime
__p__commode
exit
_onexit
isspace
wcscpy
memmove
_mbslen

ole32

CoTaskMemFree

Sections

.text
Size: 681KB - Virtual size: 681KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 425KB - Virtual size: 425KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 94KB - Virtual size: 3.1MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

bd5b56cb7a57856203b6c18ae04bdc8a

Headers

DLL Characteristics

File Characteristics

Imports

setupapi

netapi32

comctl32

ntdll

kernel32

user32

gdi32

mpr

shell32

advapi32

msvcrt

ole32

Sections

.text Size: 681KB - Virtual size: 681KB

.data Size: 425KB - Virtual size: 425KB

.rsrc Size: 94KB - Virtual size: 3.1MB

.text
Size: 681KB - Virtual size: 681KB

.data
Size: 425KB - Virtual size: 425KB

.rsrc
Size: 94KB - Virtual size: 3.1MB