c7a635eea4353a03f7196a9734efadba_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

c7a635eea4353a03f7196a9734efadba_JaffaCakes118
Size

858KB
MD5

c7a635eea4353a03f7196a9734efadba
SHA1

71c9e6dbba1e2487585eca330492fff09f507c73
SHA256

59889f1117d45dc65d329cf893c3561f1e2a09affd34354c870db85851c2c082
SHA512

0498c8730c7d908a9da59f4d3817793e914ceae9c566fc823d5d66158532b3673845c6080eb7e9493e000f1c76bbf44181bd7267505f2620100ea15e19f4d589
SSDEEP

12288:aS9NKu1CHwioNbq2D/UMM9kgN/xFVG3PWKzPhGgOuIQ74Zb4/CQYFZlkb5+D88qz:FjKSg2ykOFw3PnpCJ6CQEkb5+D3qhVJ

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
c7a635eea4353a03f7196a9734efadba_JaffaCakes118

Files

c7a635eea4353a03f7196a9734efadba_JaffaCakes118
.exe windows:5 windows x86 arch:x86

019e969af34d6dc4e6f97cf828a4e5ba

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

ConvertThreadToFiber
GetModuleHandleW
SetThreadPriority
UnregisterWaitEx
GetTapeParameters
DosPathToSessionPathA
GetStartupInfoW
HeapFree
GetProfileStringW
GetEnvironmentStringsA
lstrcpyn
OpenProfileUserMapping
FindVolumeClose
LoadLibraryExW
VirtualAlloc
LoadLibraryA
SetConsoleScreenBufferSize
InterlockedFlushSList
DebugBreak
EnumDateFormatsExA
GetVolumeNameForVolumeMountPointW
ReadConsoleInputA
HeapCreate
GetDiskFreeSpaceExW
SetProcessAffinityMask
BuildCommDCBAndTimeoutsA
AddConsoleAliasA
WriteConsoleOutputCharacterA
LocalShrink
GetEnvironmentStringsW
WaitForDebugEvent
lstrcmpW

iphlpapi

IcmpSendEcho2
GetIcmpStatistics
InternalDeleteIpForwardEntry
AllocateAndGetIpAddrTableFromStack
GetAdaptersInfo
SetIpNetEntry
Icmp6SendEcho2
GetNetworkParams
UnenableRouter
do_echo_req
_PfRemoveGlobalFilterFromInterface@8
Icmp6CreateFile
_PfBindInterfaceToIndex@16
DisableMediaSense
_PfAddGlobalFilterToInterface@8
DeleteProxyArpEntry
GetBestInterface
NTPTimeToNTFileTime
NhGetInterfaceNameFromGuid
InternalSetIpNetEntry
GetTcpStatistics
InternalSetIfEntry
GetIpAddrTable
InternalSetIpStats
_PfBindInterfaceToIPAddress@12
GetIfEntry
GetTcpTable
_PfAddFiltersToInterface@24
GetIpForwardTable
InternalGetTcpTable
SetAdapterIpAddress
DeleteIpForwardEntry
GetUdpTable
SetIpForwardEntry
_PfSetLogBuffer@28
NhpAllocateAndGetInterfaceInfoFromStack
_PfMakeLog@4
IcmpCreateFile
_PfDeleteLog@0
GetRTTAndHopCount

psapi

GetProcessMemoryInfo
InitializeProcessForWsWatch
GetDeviceDriverBaseNameW
GetProcessImageFileNameW
GetPerformanceInfo
GetProcessImageFileNameA
GetMappedFileNameA
EmptyWorkingSet
GetDeviceDriverBaseNameA
GetModuleBaseNameA
GetModuleFileNameExW
GetModuleBaseNameW
EnumPageFilesW
GetModuleInformation
GetDeviceDriverFileNameW
EnumPageFilesA
GetDeviceDriverFileNameA
EnumProcessModules
QueryWorkingSet
EnumDeviceDrivers
EnumProcesses
GetMappedFileNameW
GetModuleFileNameExA
GetWsChanges

winsta

WinStationConnectA
ServerLicensingUnloadPolicy
WinStationWaitSystemEvent
WinStationSetPoolCount
WinStationBroadcastSystemMessage
WinStationFreeGAPMemory
_WinStationReInitializeSecurity
WinStationSendMessageW
_WinStationCheckForApplicationName
WinStationQueryLogonCredentialsW
LogonIdFromWinStationNameA
WinStationGetTermSrvCountersValue
_NWLogonQueryAdmin
_WinStationUpdateSettings
ServerLicensingGetPolicyInformationW
_WinStationBreakPoint
ServerLicensingSetPolicy
ServerLicensingClose
WinStationCloseServer
WinStationRenameW
WinStationQueryInformationA
WinStationRemoveLicense
_WinStationShadowTarget
WinStationQueryLicense
WinStationOpenServerA
ServerLicensingGetAvailablePolicyIds

drprov

NPCloseEnum
NPAddConnection
NPGetResourceInformation
NPGetUniversalName
NPGetConnection
NPGetResourceParent
NPOpenEnum
NPEnumResource
NPGetCaps
NPCancelConnection
NPAddConnection3

Sections

.text
Size: 356KB - Virtual size: 356KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 366KB - Virtual size: 366KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 132KB - Virtual size: 1.6MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 1024B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 1024B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

019e969af34d6dc4e6f97cf828a4e5ba

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

iphlpapi

psapi

winsta

drprov

Sections

.text Size: 356KB - Virtual size: 356KB

.rdata Size: 366KB - Virtual size: 366KB

.data Size: 132KB - Virtual size: 1.6MB

.rsrc Size: 1024B - Virtual size: 1024B

.reloc Size: 1024B - Virtual size: 1024B

.text
Size: 356KB - Virtual size: 356KB

.rdata
Size: 366KB - Virtual size: 366KB

.data
Size: 132KB - Virtual size: 1.6MB

.rsrc
Size: 1024B - Virtual size: 1024B

.reloc
Size: 1024B - Virtual size: 1024B