c0613930fe50d80f5b108d3375eedb9d_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

c0613930fe50d80f5b108d3375eedb9d_JaffaCakes118
Size

857KB
MD5

c0613930fe50d80f5b108d3375eedb9d
SHA1

3fff280c74c9f454002a8ebdca5f1ede72950526
SHA256

d9e6415d39c921e16d695f9dac6aa7752aa8b8e6e1a9bf5939a6731cc57ba739
SHA512

bf4b589a7142d4337d0b53b90b5015249203b506cd2bd6e8286b07696e15a370097df6d33d5de7ec8e3281ba16b1729b20438aa6386ebf7f2fe3207112398a82
SSDEEP

12288:8lwYAal7f1vBx4cOHZ0hrZ0jsF0uUeRfxWGwKfr/T6V17KAS2:3YA+f1nVOHZsZ0oXZRfxWGw4T6V17U2

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
c0613930fe50d80f5b108d3375eedb9d_JaffaCakes118

Files

c0613930fe50d80f5b108d3375eedb9d_JaffaCakes118
.exe windows:5 windows x86 arch:x86

c777f46cae8b3aa9e65d3ee3a8c64c13

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetGeoInfoW
UnhandledExceptionFilter
VirtualAlloc
GetEnvironmentVariableA
FatalAppExitA
CreateWaitableTimerA
WriteConsoleInputVDMW
AddLocalAlternateComputerNameA
IsBadReadPtr
GetDiskFreeSpaceW
GetPrivateProfileStructA
LocalShrink
SetTimeZoneInformation
PrivCopyFileExW
GetSystemDefaultLCID
FindFirstVolumeMountPointW
TlsFree
GetPrivateProfileSectionNamesW
OutputDebugStringA
SetConsoleMode
LoadLibraryA
DeleteFileW
BaseDumpAppcompatCache
GetLocaleInfoW
EnumDateFormatsW
WriteConsoleOutputAttribute
EnumDateFormatsExA
GetSystemDefaultLangID
DeleteVolumeMountPointA
GetTickCount
GetACP
CloseProfileUserMapping
GetAtomNameW
CreateActCtxW
GlobalFindAtomW
LocalCompact
EnumSystemCodePagesW
GetWriteWatch
PostQueuedCompletionStatus

winsta

WinStationShadow
WinStationQueryInformationA
WinStationInstallLicense
ServerLicensingGetPolicy
_WinStationReadRegistry
_WinStationShadowTarget
_WinStationShadowTargetSetup
WinStationFreeGAPMemory
WinStationVirtualOpen
_WinStationWaitForConnect
WinStationGetAllProcesses
ServerLicensingDeactivateCurrentPolicy
WinStationOpenServerW
WinStationNameFromLogonIdA
WinStationTerminateProcess
WinStationDisconnect
WinStationSetInformationA
WinStationFreeMemory
ServerQueryInetConnectorInformationW
WinStationRemoveLicense
_WinStationUpdateClientCachedCredentials
WinStationGetMachinePolicy
WinStationQueryLicense
WinStationSetPoolCount
WinStationRenameW
ServerLicensingGetAvailablePolicyIds
WinStationGetProcessSid
WinStationGetTermSrvCountersValue
_WinStationUpdateSettings
ServerLicensingUnloadPolicy
WinStationSendWindowMessage
WinStationActivateLicense
WinStationEnumerate_IndexedW
_WinStationCheckForApplicationName
WinStationConnectA
_WinStationUpdateUserConfig
WinStationEnumerateA
WinStationCheckLoopBack
WinStationEnumerateLicenses
WinStationEnumerateW
ServerLicensingLoadPolicy
WinStationEnumerate_IndexedA
_WinStationReInitializeSecurity
LogonIdFromWinStationNameA
ServerLicensingOpenA

olecli32

DefCreateFromClip
OleQueryOutOfDate
LeQueryBounds
LeQueryType
PbCreateFromClip
DefCreateInvisible
GenGetData
PbCreateFromTemplate
GenQueryBounds
ErrSetTargetDevice
BmEqual
MfEqual
BmQueryBounds
LeExecute
MfSaveToStream
ErrQueryOutOfDate
PbGetData
DibEnumFormat
LeClone
OleSetTargetDevice
MfEnumFormat
OleReconnect
DibSaveToStream
OleQueryName
ErrSetHostNames
BmClone
OleEnumFormats
LeGetUpdateOptions
DefCreateLinkFromClip
LeSetHostNames
LeClose
PbQueryBounds
OleCreateFromTemplate
MfGetData
ObjQueryType
OleObjectConvert
OleCreateInvisible
OleSetBounds
BmCopy

msihnd

DllGetClassObject

Sections

.text
Size: 389KB - Virtual size: 389KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 357KB - Virtual size: 357KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 108KB - Virtual size: 1.6MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 1024B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 1024B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

c777f46cae8b3aa9e65d3ee3a8c64c13

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

winsta

olecli32

msihnd

Sections

.text Size: 389KB - Virtual size: 389KB

.rdata Size: 357KB - Virtual size: 357KB

.data Size: 108KB - Virtual size: 1.6MB

.rsrc Size: 1024B - Virtual size: 1024B

.reloc Size: 1024B - Virtual size: 1024B

.text
Size: 389KB - Virtual size: 389KB

.rdata
Size: 357KB - Virtual size: 357KB

.data
Size: 108KB - Virtual size: 1.6MB

.rsrc
Size: 1024B - Virtual size: 1024B

.reloc
Size: 1024B - Virtual size: 1024B