a9a877b46a4f5f9d009905b65fe51aa8_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

a9a877b46a4f5f9d009905b65fe51aa8_JaffaCakes118
Size

69KB
MD5

a9a877b46a4f5f9d009905b65fe51aa8
SHA1

ed2320cdacf9b3fb852ed399d5d3f442ce0ad419
SHA256

cde813741d9739aff9388ca841f3cfb4bfa12d256c75f2068101cda90dc7c5af
SHA512

a02ad8af17284a0caab1e121c393a6db0a4d7ae3775ef4d015664fddfbfdefd8337c203e39f5607fbe8c36dfc558823a75a97ebe4b1459fd398c95eef5ca1bfe
SSDEEP

1536:whE76n60VuwDf7u6tMvt8pyAbtYOcHPMeeEsBKQSYT:whQ0VuSfyjt8pyAbtYnvde7SYT

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
a9a877b46a4f5f9d009905b65fe51aa8_JaffaCakes118

Files

a9a877b46a4f5f9d009905b65fe51aa8_JaffaCakes118
.exe windows:1 windows x86 arch:x86

5f6dcb59af55f5b3183af665ab5331d5

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

mtxclu

MtxCluGetDTCVirtualServerNameW
Startup
MtxCluGetComputerNameW
MtxCluIsClusterPresentExW
MtxCluGetDTCStatusW
MtxCluBringOnlineDTCW
MtxCluIsClusterPresent
MtxCluGetSecurityRegValue
MtxCluTakeOfflineDTCW
MtxCluIsSameClusterW
MtxCluIsNetworkNameInLocalClusterW
MtxCluSetSecurityRegValue
MtxCluIsSameNodeW

duser

SetGadgetBufferInfo
DrawGadgetTree
GetActionTimeslice
DUserCastDirect
GetStdPalette
SetGadgetRootInfo
PeekMessageExA
DUserCastClass
GetGadgetStyle
GetDebug
PeekMessageExW
GetGadgetRotation
AddGadgetMessageHandler
DllMain
DeleteHandle
GetGadgetSize
DUserSendEvent
GetStdColorF
UtilBuildFont
RegisterGadgetProperty
DUserSendMethod

kernel32

DuplicateConsoleHandle
HeapDestroy
GetShortPathNameW
GetComputerNameExA
RemoveDirectoryW
IsValidLanguageGroup
GetLogicalDrives
SetConsoleWindowInfo
GetCommandLineW
SetCriticalSectionSpinCount
LoadLibraryA
GetLongPathNameW
VirtualAlloc
GetFileSize
FreeLibrary
DnsHostnameToComputerNameA
SetSystemPowerState
DebugActiveProcess
ReplaceFile
SetCalendarInfoW
RaiseException
CreatePipe
EnumSystemGeoID
SetThreadAffinityMask
GlobalFix
HeapValidate
IsDBCSLeadByte
LZCopy
DebugBreak
SetConsolePalette
GetTimeZoneInformation
WritePrivateProfileStringW
MapUserPhysicalPagesScatter
GetConsoleCommandHistoryA
WaitForDebugEvent
GetVolumePathNameW
VirtualAllocEx
LZStart
SetTimeZoneInformation
UnlockFileEx
GetConsoleAliasExesA
GetCurrentThread
GetLongPathNameA

Sections

.text
Size: 41KB - Virtual size: 40KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 23KB - Virtual size: 207KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

5f6dcb59af55f5b3183af665ab5331d5

Headers

File Characteristics

Imports

mtxclu

duser

kernel32

Sections

.text Size: 41KB - Virtual size: 40KB

.rdata Size: 2KB - Virtual size: 2KB

.data Size: 23KB - Virtual size: 207KB

.rsrc Size: 1KB - Virtual size: 1KB

.text
Size: 41KB - Virtual size: 40KB

.rdata
Size: 2KB - Virtual size: 2KB

.data
Size: 23KB - Virtual size: 207KB

.rsrc
Size: 1KB - Virtual size: 1KB