b193852cf657fbda931753bbcd65fdb8_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

b193852cf657fbda931753bbcd65fdb8_JaffaCakes118
Size

255KB
MD5

b193852cf657fbda931753bbcd65fdb8
SHA1

0fe56597912e51c86b2db18703fd69e5999841cb
SHA256

f9ed4f5d41a05327ce7687aab0fcfee84cef2f5667b8a2d1ebbb60bfce2fad66
SHA512

0eba7e272c9183624432bd99cde4e7d00caa854c97463601d993f2179496a45b7706914c94b476754b8cd2c6ec0a518cef9c0fc3a473c98ab7cb7c97cd5942ea
SSDEEP

3072:70VC2gLy9ML+WhzIU4tNe157PwqLqn3Wi8mUUt+COaLH1DsG0SKW3WVJA7cw3/7m:FjErtNe/ss+GPmd+Na/Yy9v74R3bB

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
b193852cf657fbda931753bbcd65fdb8_JaffaCakes118

Files

b193852cf657fbda931753bbcd65fdb8_JaffaCakes118
.exe windows:4 windows x86 arch:x86

1fcd465dcde3a4b23d671101cf8d583f

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

user32

GetSystemMetrics
EnumWindows
PostMessageW
GetDesktopWindow
GetWindowThreadProcessId

rpcrt4

UuidToStringW
RpcStringFreeW
UuidCreate

oleaut32

VariantInit
SysStringLen
VarBstrCat
VariantClear
SysAllocStringLen
SysAllocString
SysStringByteLen
SysAllocStringByteLen
SysFreeString

psapi

GetModuleBaseNameW

ole32

StringFromGUID2
CoCreateInstance

kernel32

GetCurrentThreadId
HeapSize
FindResourceExW
WaitForSingleObject
CreateProcessW
LeaveCriticalSection
GetSystemTime
FileTimeToSystemTime
CreateIoCompletionPort
UnhandledExceptionFilter
FindResourceW
GlobalFree
IsDebuggerPresent
lstrlenA
HeapDestroy
WaitForMultipleObjects
LocalAlloc
WideCharToMultiByte
FormatMessageW
HeapFree
SetUnhandledExceptionFilter
EnterCriticalSection
RaiseException
SizeofResource
SystemTimeToFileTime
LoadLibraryExW
CloseHandle
GetQueuedCompletionStatus
WTSGetActiveConsoleSessionId
FreeLibrary
HeapReAlloc
GetComputerNameExW
CompareFileTime
LocalFree
LockResource
ExpandEnvironmentStringsW
HeapAlloc
GetSystemTimeAsFileTime
OpenProcess
lstrlenW
PostQueuedCompletionStatus
GetProcessHeap
DeleteCriticalSection
CreateFileW
LoadResource
VirtualAllocEx

esent

JetFreeBuffer
JetIntersectIndexes
JetDelete
JetEscrowUpdate
JetGrowDatabase
JetGetLogInfoInstance
JetGetInstanceInfo
JetGetCursorInfo
JetAttachDatabaseWithStreaming
JetSnapshotStart
JetGetLogInfoInstance2
JetMove

qedit

DllCanUnloadNow
DllRegisterServer

Sections

.XmgFYrO
Size: 2KB - Virtual size: 37KB

IMAGE_SCN_MEM_READ

.text
Size: 18KB - Virtual size: 18KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.uMxUx
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.BBAMT
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.xJLvY
Size: 1024B - Virtual size: 826B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.CouTKB
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 6KB - Virtual size: 237KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.OSQZEz
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 208KB - Virtual size: 207KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.WAkML
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.tXAQwW
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.tNBKN
Size: 1024B - Virtual size: 514B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.FJjdss
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

1fcd465dcde3a4b23d671101cf8d583f

Headers

DLL Characteristics

File Characteristics

Imports

user32

rpcrt4

oleaut32

psapi

ole32

kernel32

esent

qedit

Sections

.XmgFYrO Size: 2KB - Virtual size: 37KB

.text Size: 18KB - Virtual size: 18KB

.uMxUx Size: 1KB - Virtual size: 1KB

.BBAMT Size: 2KB - Virtual size: 2KB

.xJLvY Size: 1024B - Virtual size: 826B

.CouTKB Size: 3KB - Virtual size: 2KB

.data Size: 6KB - Virtual size: 237KB

.OSQZEz Size: 2KB - Virtual size: 1KB

.rdata Size: 208KB - Virtual size: 207KB

.WAkML Size: 2KB - Virtual size: 2KB

.tXAQwW Size: 2KB - Virtual size: 2KB

.tNBKN Size: 1024B - Virtual size: 514B

.rsrc Size: 1KB - Virtual size: 1KB

.FJjdss Size: 1KB - Virtual size: 1KB

.XmgFYrO
Size: 2KB - Virtual size: 37KB

.text
Size: 18KB - Virtual size: 18KB

.uMxUx
Size: 1KB - Virtual size: 1KB

.BBAMT
Size: 2KB - Virtual size: 2KB

.xJLvY
Size: 1024B - Virtual size: 826B

.CouTKB
Size: 3KB - Virtual size: 2KB

.data
Size: 6KB - Virtual size: 237KB

.OSQZEz
Size: 2KB - Virtual size: 1KB

.rdata
Size: 208KB - Virtual size: 207KB

.WAkML
Size: 2KB - Virtual size: 2KB

.tXAQwW
Size: 2KB - Virtual size: 2KB

.tNBKN
Size: 1024B - Virtual size: 514B

.rsrc
Size: 1KB - Virtual size: 1KB

.FJjdss
Size: 1KB - Virtual size: 1KB