a821d604abaa97c1f252f7f707416fc4_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

a821d604abaa97c1f252f7f707416fc4_JaffaCakes118
Size

589KB
MD5

a821d604abaa97c1f252f7f707416fc4
SHA1

7a656ab5c84bd12aad7f4b21d0f33bb73f51ac17
SHA256

8db1f876406b124ca4dc621eaab9bf0961f4b9d6f9003d3dfac8c12d6f06472f
SHA512

9c1c007155dfccf37e6fe92a9945c9bd8518a1fe42060ccb67f8cf3fd129a27f734aaaad2dda88e01cc1d673b66b0eb7871c76e54bd36fab53fc59f19d8c78df
SSDEEP

12288:8iy7fVR6wf2nc8894aPyXgTK7kCXm6Heq328riNOZt:5y7mwwxJXoK7nXmuDmA

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
a821d604abaa97c1f252f7f707416fc4_JaffaCakes118

Files

a821d604abaa97c1f252f7f707416fc4_JaffaCakes118
.exe windows:5 windows x86 arch:x86

760e8a470ad50170eb9dec948038fa14

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

rpcrt4

tree_peek_ndr
short_from_ndr_temp
long_from_ndr
float_from_ndr
UuidHash
RpcStringFreeA
RpcServerUseProtseqIfA
RpcNetworkInqProtseqsA
RpcMgmtSetCancelTimeout
RpcMgmtInqStats
RpcMgmtInqIfIds
RpcMgmtEpEltInqNextA
RpcBindingCopy
MesHandleFree
CStdStubBuffer_QueryInterface

kernel32

QueryPerformanceCounter
lstrcmpiA
VerLanguageNameW
VerLanguageNameA
SetTimeZoneInformation
SetLastError
ReleaseMutex
RegisterWaitForSingleObjectEx
QueryDosDeviceW
OpenFileMappingA
ChangeTimerQueueTimer
CreateHardLinkW
DeleteFileA
EnumResourceLanguagesA
ExitProcess
FindNextChangeNotification
FlushViewOfFile
FreeEnvironmentStringsA
GetCommandLineA
GetDevicePowerState
GetEnvironmentStringsW
GetFileSize
GetNamedPipeHandleStateA
GetPrivateProfileIntW
GetProcAddress
GetShortPathNameW
GetTapeParameters
GetTickCount
HeapAlloc
InterlockedExchange
LoadResource

version

VerQueryValueW
VerQueryValueA
VerInstallFileW
VerInstallFileA
VerFindFileW
VerFindFileA
GetFileVersionInfoW
GetFileVersionInfoSizeW
GetFileVersionInfoA
GetFileVersionInfoSizeA

crtdll

tanh
_exit
_finite
_hypot
_mktemp
_popen
_putenv
_strupr
_yn
clearerr
fscanf
iswlower

user32

GetFocus
LoadCursorA
LoadImageA
PostMessageA
SendMessageA
SetFocus
UpdateWindow
DestroyCaret

userenv

DestroyEnvironmentBlock
CreateEnvironmentBlock
ExpandEnvironmentStringsForUserW
FreeGPOListW
GetAppliedGPOListW
GetProfilesDirectoryW
LeaveCriticalPolicySection
RegisterGPNotification
UnregisterGPNotification
EnterCriticalPolicySection

ntdll

NtOpenMutant
NtSetEaFile
RtlSetSaclSecurityDescriptor
NtSetHighWaitLowEventPair
RtlSecondsSince1980ToTime
RtlNtStatusToDosError
RtlGetSaclSecurityDescriptor
RtlFindNextForwardRunClear
RtlFindClearBitsAndSet
RtlAreBitsClear
NtCreateIoCompletion

Exports

Exports

CytTHxriHl
NrPbkytfqF
Yivuo
awftv
isXuw
qbbbyuLzibyerjgi
sxukyqmvtqieBNelv
vplmuavs
wzaOmbfs
xlllqchpxchzxiwIc
yztTqXwgkWiikb

Sections

.text
Size: 49KB - Virtual size: 48KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 487KB - Virtual size: 1.1MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 51KB - Virtual size: 51KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

760e8a470ad50170eb9dec948038fa14

Headers

File Characteristics

Imports

rpcrt4

kernel32

version

crtdll

user32

userenv

ntdll

Exports

Exports

Sections

.text Size: 49KB - Virtual size: 48KB

.data Size: 487KB - Virtual size: 1.1MB

.rsrc Size: 51KB - Virtual size: 51KB

.text
Size: 49KB - Virtual size: 48KB

.data
Size: 487KB - Virtual size: 1.1MB

.rsrc
Size: 51KB - Virtual size: 51KB