a27abcd30f5c7594aafb411c9682d952_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

a27abcd30f5c7594aafb411c9682d952_JaffaCakes118
Size

369KB
MD5

a27abcd30f5c7594aafb411c9682d952
SHA1

f3ae99e64fc02f7dc1d3e8b77c61e7bae68d3249
SHA256

3f28e7ceb265b18a1775dc5039f8b54fb3d8ccfd87dd9e2ba7a1f0c99bf1d937
SHA512

a8d0e44049d1b1a72069c59804df4c706d5694acada78ba79feeb9fd6b3fb802e1d88c08479ca280b83a67c399117a7df0e770faf903c24cb422d102f4a81519
SSDEEP

6144:kj34wa55DW3jOubNMgnCTyihYwL5z1gFbxHmCk0gC3bQRChTvEqvOv4LxCDnOJ+t:83wMnC+ihYwL5erGfuSQTvEqvOQLxgjJ

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
a27abcd30f5c7594aafb411c9682d952_JaffaCakes118

Files

a27abcd30f5c7594aafb411c9682d952_JaffaCakes118
.exe windows:4 windows x86 arch:x86

57d30cf4c6fe8d9ef299ca199080a539

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

user32

AdjustWindowRect
DefDlgProcA
DeferWindowPos
GetWindowRect
EnumThreadWindows
GetNextDlgGroupItem
ChildWindowFromPoint
ArrangeIconicWindows
IsDialogMessageA
MoveWindow
BringWindowToTop
FindWindowA
LoadIconA

gdi32

Chord
Arc
EnumObjects
GetBrushOrgEx
CloseEnhMetaFile
ExtEscape
EqualRgn
AngleArc
CreateFontA
AddFontResourceA
DescribePixelFormat
CopyEnhMetaFileW
CopyEnhMetaFileA

advapi32

BackupEventLogA
RegReplaceKeyA
RegOpenKeyExA
OpenEventLogW
ReadEventLogA

kernel32

SetLastError
TlsGetValue
GetLastError
HeapDestroy
HeapCreate
VirtualFree
HeapFree
RtlUnwind
WriteFile
LeaveCriticalSection
GetCPInfo
GetStringTypeW
WaitForSingleObject
GlobalFlags
GetTimeFormatA
GetThreadLocale
IsBadWritePtr
EnterCriticalSection
InitializeCriticalSection
ReleaseSemaphore
HeapValidate
GetACP
WriteProfileStringA
GetProfileIntA
GetProcAddress
GetHandleInformation
VirtualAllocEx
GetStringTypeA
LCMapStringW
LCMapStringA
MultiByteToWideChar
LoadLibraryA
HeapReAlloc
VirtualAlloc
HeapAlloc
TlsAlloc
TlsSetValue
GetCurrentThreadId
GetFileType
GetStdHandle
SetHandleCount
GetEnvironmentStringsW
GetEnvironmentStrings
WideCharToMultiByte
GetModuleHandleA
GetStartupInfoA
GetCommandLineA
GetVersion
ExitProcess
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
GetModuleFileNameA
FreeEnvironmentStringsA
FreeEnvironmentStringsW
GetOEMCP

winspool.drv

DeletePrinterDriverExA
ConnectToPrinterDlg
EnumJobsW
GetPrinterDriverW
GetPrinterDriverA
AddPrinterConnectionA
SetPrinterA
AbortPrinter

netapi32

NetUserChangePassword
NetLocalGroupDelMembers
NetConnectionEnum
NetGroupAdd
NetConfigSet
NetGetJoinInformation
NetAuditClear
NetFileGetInfo
NetAuditWrite

Sections

.text
Size: 28KB - Virtual size: 27KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 81KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.dblyx
Size: 331KB - Virtual size: 330KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

57d30cf4c6fe8d9ef299ca199080a539

Headers

File Characteristics

Imports

user32

gdi32

advapi32

kernel32

winspool.drv

netapi32

Sections

.text Size: 28KB - Virtual size: 27KB

.rdata Size: 4KB - Virtual size: 3KB

.data Size: 2KB - Virtual size: 81KB

.dblyx Size: 331KB - Virtual size: 330KB

.rsrc Size: 3KB - Virtual size: 2KB

.text
Size: 28KB - Virtual size: 27KB

.rdata
Size: 4KB - Virtual size: 3KB

.data
Size: 2KB - Virtual size: 81KB

.dblyx
Size: 331KB - Virtual size: 330KB

.rsrc
Size: 3KB - Virtual size: 2KB