bf9e3feb97deec1f959daae713b28c3d_JaffaCakes118

General

Target

bf9e3feb97deec1f959daae713b28c3d_JaffaCakes118
Size

145KB
MD5

bf9e3feb97deec1f959daae713b28c3d
SHA1

c4854df587c3d1219890c2a54422671ac2d8bcff
SHA256

43528766dee8221ed470a6e47c84c0cbaf31ce02a8d38766eef8667528a923f0
SHA512

240fa68f98ca61ace0cb5637e873f415505764f8c2dc9da31bf9204f7bd6fb74d6e6e5bfa906e7c129b3cf158300cee849d193ef3aa07e01656299ba1ad4a4d8
SSDEEP

3072:Zf0/ZFFjpCyVHT5uQ51tdBAxHjt2NnZUZWRoxeFKa7k4d6noHi/S/oYR9:ZfoZFZQEHTsuzS58nZUZcox4Ka049

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

Processes:

resource
bf9e3feb97deec1f959daae713b28c3d_JaffaCakes118

Files

bf9e3feb97deec1f959daae713b28c3d_JaffaCakes118
.exe windows:4 windows x86 arch:x86

515c72174542d9a17167554ef2a19a7a

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

user32

GetSysColor
FindWindowExA
CallNextHookEx
SetMenuContextHelpId
CascadeWindows
LockWorkStation
GetClipboardSequenceNumber
User32InitializeImmEntryTable

kernel32

GetProcAddress
VirtualProtect
GetACP
GetModuleHandleA
LoadLibraryA
VirtualAlloc
lstrlenA
lstrcatA
SearchPathA
GetCommandLineA
CreateFileMappingA
VerLanguageNameW
SetEnvironmentVariableA
MoveFileExW
LZClose
GetShortPathNameW
OutputDebugStringA
GetBinaryTypeW

version

VerFindFileW
GetFileVersionInfoA
VerQueryValueA
VerInstallFileW
GetFileVersionInfoW

msimg32

TransparentBlt
vSetDdrawflag

oleaut32

VarDecAbs
VarUI2FromUI4
VarCyFix
SafeArrayLock
VarDecFromBool
BstrFromVector
VarDecCmp

ole32

CoGetStandardMarshal
CoAllowSetForegroundWindow
CoFreeAllLibraries
MonikerCommonPrefixWith
CoWaitForMultipleHandles
HICON_UserFree
OleSetMenuDescriptor

winspool.drv

GetPrintProcessorDirectoryA
AddPrintProvidorA
AdvancedDocumentPropertiesA
AddFormW
FreePrinterNotifyInfo
DeletePrintProcessorW
XcvDataW
AddJobW
GetJobW
EXTDEVICEMODE
PerfOpen
DeviceMode
SpoolerDevQueryPrintW

Sections

.text
Size: 128KB - Virtual size: 127KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 11KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

515c72174542d9a17167554ef2a19a7a

Headers

DLL Characteristics

File Characteristics

Imports

user32

kernel32

version

msimg32

oleaut32

ole32

winspool.drv

Sections

.text Size: 128KB - Virtual size: 127KB

.data Size: 5KB - Virtual size: 5KB

.rsrc Size: 11KB - Virtual size: 10KB

.text
Size: 128KB - Virtual size: 127KB

.data
Size: 5KB - Virtual size: 5KB

.rsrc
Size: 11KB - Virtual size: 10KB