Static task
static1
Behavioral task
behavioral1
Sample
a2d9badfb3f94f79eabd9ee39b254e20_JaffaCakes118.exe
Resource
win7-20240705-en
Behavioral task
behavioral2
Sample
a2d9badfb3f94f79eabd9ee39b254e20_JaffaCakes118.exe
Resource
win10v2004-20240802-en
General
Target
a2d9badfb3f94f79eabd9ee39b254e20_JaffaCakes118
Size
847KB
MD5
a2d9badfb3f94f79eabd9ee39b254e20
SHA1
24758cac0a3d4eb5bc957f6cabd8af48c1816027
SHA256
9a163d53e89aa10738df1d454956a10e10c0c7fdb9036a92fa5bb15e642f6b32
SHA512
72fc11e6fb6029629d49f5e6668a487ff9046bf95669b67d1d7ed409d85b9fadc1e2c0ac0259fc2d2c18c238f18583c9f5aec200e0a5d36f5decfde56bb2b232
SSDEEP
12288:3nd4qfQVML4G6nwMgK52yJ5EdTI1L2F7hyZyAE71vXIACre53rY4JUH2ccwOod6Q:3nd4HV24G6nw70x05JYYZvIHkqY
Malware Config
Signatures
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource a2d9badfb3f94f79eabd9ee39b254e20_JaffaCakes118
Files
a2d9badfb3f94f79eabd9ee39b254e20_JaffaCakes118.exe windows:5 windows x86 arch:x86
f65c360d080c9b70e092b2c6c8907c8b
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
kernel32
PrivMoveFileIdentityW
TlsFree
WriteConsoleOutputCharacterA
DebugActiveProcessStop
PeekConsoleInputW
lstrcpyW
FileTimeToSystemTime
VirtualAlloc
LoadLibraryA
GlobalHandle
EnumResourceLanguagesW
FreeEnvironmentStringsA
FindResourceA
UnlockFileEx
BaseInitAppcompatCacheSupport
BackupSeek
GetShortPathNameA
GetVolumeNameForVolumeMountPointA
LocalUnlock
DeleteFileA
GetProcessAffinityMask
InitAtomTable
GetEnvironmentStringsW
CreateEventW
_llseek
CreateTapePartition
winscard
SCardListReaderGroupsW
SCardFreeMemory
SCardListReadersW
SCardStatusA
SCardLocateCardsByATRW
SCardForgetReaderW
SCardListCardsW
SCardGetStatusChangeW
SCardControl
SCardForgetReaderGroupA
ClassInstall32
SCardLocateCardsByATRA
SCardForgetReaderA
SCardSetAttrib
SCardAddReaderToGroupW
SCardListInterfacesW
SCardIntroduceReaderW
SCardReconnect
SCardReleaseStartedEvent
crtdll
_heapmin
toupper
iswxdigit
raise
rand
_wcsset
_fputwchar
_isatty
_y1
_lrotr
_mbbtombc
_CIsin
_spawnve
signal
fwprintf
_fgetwchar
_local_unwind2
oleaut32
BstrFromVector
CreateDispTypeInfo
VariantCopy
CreateErrorInfo
VarI1FromUI2
VarI8FromDec
VarUI1FromUI2
VarDecFromBool
VarCyMulI8
LPSAFEARRAY_UserFree
VarI8FromStr
VarDateFromUI8
DispInvoke
VarBoolFromI8
VarDecFromI2
VarI1FromDec
SysAllocStringByteLen
VarIdiv
utildll
GetSystemMessageW
CachedGetUserFromSid
NetBIOSDeviceEnumerate
GetUnknownString
ParseDecoratedAsyncDeviceName
CalculateElapsedTime
AsyncDeviceEnumerate
StrAsyncConnectState
InstallModem
SetupAsyncCdConfig
CalculateDiffTime
IsPartOfDomain
FormDecoratedAsyncDeviceName
TestUserForAdmin
StrConnectState
CtxGetAnyDCName
CurrentDateTimeString
GetAssociatedPortName
StrSdClass
StandardErrorMessage
RegGetNetworkDeviceName
NetworkDeviceEnumerate
Sections
.text Size: 748KB - Virtual size: 748KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 91KB - Virtual size: 90KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 4KB - Virtual size: 1.4MB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 1KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 1KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ