bf6c490e4a297459f49576f794cefbc8_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

bf6c490e4a297459f49576f794cefbc8_JaffaCakes118
Size

83KB
MD5

bf6c490e4a297459f49576f794cefbc8
SHA1

70a0b768d1dc914e26f9f4c76f67537086a4e5b4
SHA256

979618a4e8b2ca32479efd44929a92c80f2bda3afe04192ca37a3c5a942a659f
SHA512

235db9d68a9b1229a86ca1cbd7cc6e4623c6d95771d957dc93d238b98d6b34c359c1270e9fd633a9bae61be1d0dfc94afa614f6473b21b42f4811443b4bb0bee
SSDEEP

1536:2xHyolJDeed9EXurJI4YiD/Ms5nm7ODz5Yw8zr7YOdunW2MUPsuR6VzhB5S:2pDeRyJIZiDks5nayz5uYCMwx

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
bf6c490e4a297459f49576f794cefbc8_JaffaCakes118

Files

bf6c490e4a297459f49576f794cefbc8_JaffaCakes118
.exe windows:5 windows x86 arch:x86

f5ee1d3aa83110e5e97db6fb99719b02

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

msvcp60

?infinity@?$numeric_limits@F@std@@SAFXZ
?setiosflags@std@@YA?AU?$_Smanip@H@1@H@Z
?max_size@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QBEIXZ
?_Getfalse@_Locinfo@std@@QBEPBDXZ
??_7runtime_error@std@@6B@
??0?$codecvt@GDH@std@@QAE@ABV_Locinfo@1@I@Z
?pubseekpos@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAE?AV?$fpos@H@2@V32@F@Z
??5?$basic_istream@DU?$char_traits@D@std@@@std@@QAEAAV01@AAJ@Z
??Hstd@@YA?AV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@0@ABV10@G@Z
?fill@?$basic_ios@DU?$char_traits@D@std@@@std@@QBEDXZ
?abs@std@@YAOABV?$complex@O@1@@Z
?_Init@?$basic_filebuf@DU?$char_traits@D@std@@@std@@IAEXPAU_iobuf@@W4_Initfl@12@@Z

kernel32

LocalReAlloc
BeginUpdateResourceA
GetFirmwareEnvironmentVariableW
FindFirstVolumeW
EnumSystemLocalesA
CreateWaitableTimerW
AddLocalAlternateComputerNameA
QueryPerformanceCounter
OpenMutexW
GetProcessId
DuplicateHandle
VirtualAlloc
FatalExit
SetComputerNameExW
FormatMessageW
SetFileApisToOEM
LoadLibraryA
GlobalFree

advapi32

GetManagedApplicationCategories
SystemFunction031
CredWriteW
QueryServiceConfigW
SetEntriesInAccessListA
GetSecurityDescriptorSacl
ProcessTrace
WmiFileHandleToInstanceNameW
RegDeleteKeyW
SystemFunction027
CloseServiceHandle
BuildTrusteeWithObjectsAndSidA
FreeSid
LsaOpenTrustedDomainByName
LsaSetSecurityObject
SystemFunction030

devmgr

DevicePropertiesExW
DeviceManager_ExecuteW
DeviceProblenWizard_RunDLLW
DeviceProblemWizardW
DeviceCreateHardwarePage
DeviceManager_ExecuteA
DllRegisterServer
DllUnregisterServer
DllGetClassObject
DllCanUnloadNow
DeviceProblenWizard_RunDLLA
DeviceProperties_RunDLLA
DeviceProblemWizardA
DevicePropertiesExA

Sections

.text
Size: 41KB - Virtual size: 40KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 18KB - Virtual size: 25KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 20KB - Virtual size: 19KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 280B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

f5ee1d3aa83110e5e97db6fb99719b02

Headers

DLL Characteristics

File Characteristics

Imports

msvcp60

kernel32

advapi32

devmgr

Sections

.text Size: 41KB - Virtual size: 40KB

.rdata Size: 2KB - Virtual size: 2KB

.data Size: 18KB - Virtual size: 25KB

.rsrc Size: 20KB - Virtual size: 19KB

.reloc Size: 512B - Virtual size: 280B

.text
Size: 41KB - Virtual size: 40KB

.rdata
Size: 2KB - Virtual size: 2KB

.data
Size: 18KB - Virtual size: 25KB

.rsrc
Size: 20KB - Virtual size: 19KB

.reloc
Size: 512B - Virtual size: 280B