b9b8f5f0457ac079319f95a0dde32797_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

b9b8f5f0457ac079319f95a0dde32797_JaffaCakes118
Size

40KB
MD5

b9b8f5f0457ac079319f95a0dde32797
SHA1

607c9361f836ce2c5d2c4f239d7b9a0e54dccbbe
SHA256

a3fc32764d329a5025caadbad6e0d7867e959e8d060a94212bbe21b8958c2bfa
SHA512

dda66ce5b9b2f6c075612ae8e66e50f1553fdb0cea6262667e23ee03b1e795dd91a1440444a6bc9f0c22b0cf2e49e34a418f937a208046e099d94a28a01fb566
SSDEEP

768:hex3XICKBcTxKxF674c3wZZaVVYkbTMIsQnH10fQQtkMo8EhB:Qx3XICKBcTwkoqVq2TM1QnH13Qt68S

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
b9b8f5f0457ac079319f95a0dde32797_JaffaCakes118

Files

b9b8f5f0457ac079319f95a0dde32797_JaffaCakes118
.exe windows:4 windows x86 arch:x86

ee1ccbb2bb00c23237582e635fd48315

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

gdi32

GetCurrentObject
PtInRegion
GetSystemPaletteEntries
Chord
ScaleViewportExtEx
GetMetaFileA
CopyMetaFileW
CreateMetaFileA
EnumFontFamiliesW
GetStretchBltMode
CreateDiscardableBitmap
GetViewportExtEx
GetMetaRgn
GetTextMetricsW
CreatePatternBrush
LPtoDP

msvcrt

_cexit
_wenviron
__argc
modf
_wmakepath
_ismbckata
_tell
_spawnve
_ftime64
_wspawnvpe
_findnext
_memicmp
fopen
strspn
iswprint
_wsetlocale
__p__mbcasemap
_unloaddll
__p__osver
_CItan
fseek
_heapset
_getdrive
wcsspn
_Getdays
_getpid
fmod
_adj_fprem
_adj_fptan
_strset
_ismbbalnum

kernel32

ExpungeConsoleCommandHistoryA
LockFileEx
FormatMessageW
CreateDirectoryExA
GetFileTime
CreateToolhelp32Snapshot
CreateHardLinkA
GetSystemDirectoryA
GetConsoleCommandHistoryW
CreateJobObjectA
WriteProfileSectionA
GetConsoleAliasesA
MapViewOfFileEx
WaitNamedPipeA
lstrcmpiW
FreeConsole
GetLocaleInfoA
lstrlenW
CallNamedPipeW
GetPrivateProfileStructA
VirtualFree
FindResourceW
CreateNamedPipeW
GetStartupInfoA
GetCompressedFileSizeA
GetConsoleCommandHistoryA
DeleteFileA
LCMapStringA
CreateIoCompletionPort
ExitProcess
ResetEvent
GetPrivateProfileIntA
SetConsoleActiveScreenBuffer
Sleep
GetProfileIntW
TerminateThread
GetModuleHandleA
GlobalAlloc
CreateRemoteThread
VirtualAlloc
UnmapViewOfFile

user32

GetDlgCtrlID
GetActiveWindow
CreateMDIWindowA
DrawCaption
DefDlgProcA
DialogBoxParamW
DefFrameProcW
CreateWindowExW
DdeAddData
DlgDirSelectExA
CreateAcceleratorTableA
CopyIcon

advapi32

RegisterEventSourceW
LsaSetInformationTrustedDomain
GetPrivateObjectSecurity
FindFirstFreeAce
CryptAcquireContextW
GetMultipleTrusteeW
QueryServiceObjectSecurity
LsaEnumerateAccounts
QueryServiceStatus
SetThreadToken
RegisterServiceCtrlHandlerW
BackupEventLogA
GetSecurityDescriptorControl
QueryServiceStatusEx
GetSecurityDescriptorOwner
GetEffectiveRightsFromAclW
RegLoadKeyW
GetNamedSecurityInfoA
ConvertSecurityDescriptorToAccessW
OpenBackupEventLogW
SetSecurityInfo
ObjectDeleteAuditAlarmA

Sections

.text
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.zsvv
Size: 12KB - Virtual size: 18KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.ornfg
Size: 18KB - Virtual size: 26KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 1024B - Virtual size: 895B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

ee1ccbb2bb00c23237582e635fd48315

Headers

DLL Characteristics

File Characteristics

Imports

gdi32

msvcrt

kernel32

user32

advapi32

Sections

.text Size: 8KB - Virtual size: 7KB

.zsvv Size: 12KB - Virtual size: 18KB

.ornfg Size: 18KB - Virtual size: 26KB

.reloc Size: 1024B - Virtual size: 895B

.text
Size: 8KB - Virtual size: 7KB

.zsvv
Size: 12KB - Virtual size: 18KB

.ornfg
Size: 18KB - Virtual size: 26KB

.reloc
Size: 1024B - Virtual size: 895B