ce8991842b2a0a215af498c337973573_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

ce8991842b2a0a215af498c337973573_JaffaCakes118
Size

83KB
MD5

ce8991842b2a0a215af498c337973573
SHA1

8530f172891159f8674ab05a4a19f94e194b1b35
SHA256

0acac10d0d203bfc01f24a4193fbee652fdf6bf5968db15f77540888ac144224
SHA512

dd407e212d76dc8c73d9305c001cc9882158d579edf68b5d7308f2d752b89f7357ce2202d29ff94226110d7833927b6c8b00dc4b857b0ce7895d991ca9026933
SSDEEP

1536:wUlsHiSN/5j1QwfiXuDPDi9wZ7hTSRabN0JnfxLlI3d11tMuVh3Jv:wUKCS7+bmDi9WYfxa/VX

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
ce8991842b2a0a215af498c337973573_JaffaCakes118

Files

ce8991842b2a0a215af498c337973573_JaffaCakes118
.exe windows:5 windows x86 arch:x86

562ff0dbc10adbc471fde96c44d07c74

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetStringTypeA
GetCurrentProcessId
QueryPerformanceCounter
CreateFileMappingA
SetThreadPriorityBoost
GetSystemTimeAsFileTime
DebugBreakProcess
GetModuleHandleW
Heap32ListFirst
GetConsoleInputExeNameW
DeleteCriticalSection
RegisterConsoleIME
VirtualAlloc
LoadLibraryA
FindFirstChangeNotificationW
GetVersionExW
SetDefaultCommConfigW
GetTickCount
GetCurrentThreadId
PeekConsoleInputW

gdi32

GetCharABCWidthsW
GetTransform
CreateMetaFileW
XFORMOBJ_bApplyXform
SetBitmapAttributes
SetICMProfileA
StrokeAndFillPath
EngGetCurrentCodePage
IntersectClipRect
GdiEntry8
CreateDIBitmap
DdEntry2
SetBrushOrgEx
PolyTextOutA
Arc

sqlunirl

_GetAtomName_@12
_SetCurrentDirectory_@4
_FindResource@12
_SendMessageTimeout_@28
_GetEnvironmentVariable_@12
_GetToolsFilePath@16
_OpenDesktop_@16
_TextOut@20
_NDdeSetTrustedShare_@12
_FindText_@4

olecli32

DibDraw
WEP
OleRename
OleReconnect
OleRenameClientDoc
OleCreateFromClip
OleCreate
OleEnumObjects
DibGetData
PbCreateFromFile
BmCopy
LeClose
OleSetLinkUpdateOptions
BmClone
LeGetUpdateOptions
PbQueryBounds
OleCreateInvisible
GenEqual
OleQueryReleaseStatus

advapi32

CreatePrivateObjectSecurity
RegQueryValueA
BackupEventLogA
SystemFunction028
TrusteeAccessToObjectW
SetEntriesInAccessListA
StartServiceA
SaferRecordEventLogEntry
LsaICLookupNamesWithCreds
CredUnmarshalCredentialW
QueryServiceConfigA

Sections

.text
Size: 32KB - Virtual size: 31KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 21KB - Virtual size: 30KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 20KB - Virtual size: 19KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 204B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

562ff0dbc10adbc471fde96c44d07c74

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

gdi32

sqlunirl

olecli32

advapi32

Sections

.text Size: 32KB - Virtual size: 31KB

.rdata Size: 8KB - Virtual size: 7KB

.data Size: 21KB - Virtual size: 30KB

.rsrc Size: 20KB - Virtual size: 19KB

.reloc Size: 512B - Virtual size: 204B

.text
Size: 32KB - Virtual size: 31KB

.rdata
Size: 8KB - Virtual size: 7KB

.data
Size: 21KB - Virtual size: 30KB

.rsrc
Size: 20KB - Virtual size: 19KB

.reloc
Size: 512B - Virtual size: 204B