Static task: static1
Behavioral task: behavioral1
Sample: d22f710fef36b4a9186c99fc3db90f32_JaffaCakes118.exe
Resource: win7-20240903-en
Behavioral task: behavioral2
Sample: d22f710fef36b4a9186c99fc3db90f32_JaffaCakes118.exe
Resource: win10v2004-20240802-en
General
Target: d22f710fef36b4a9186c99fc3db90f32_JaffaCakes118
Size: 1.1MB
MD5: d22f710fef36b4a9186c99fc3db90f32
SHA1: 7c01bb7a617f956cd33404932d2c56075f3a3948
SHA256: 12882a479c49e3540b2111f42a912e8fe6cb66413486748d2387648effc691ba
SHA512: 4dde622792956d0778053f4008ed59c5135e25c76b8bb2fbb182ad26ce4aa79fb212305011196ecf1d4c5337f151f30d8eff5e3da1212dcf62c041f8d2268ed5
SSDEEP: 24576:QJ2e1fj7jJEjkZK03JceXoc1/VAhs+hx7kgzZLTm5Xa:kfjJE4vKc1tkZ/TQa
Malware Config
Signatures
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource d22f710fef36b4a9186c99fc3db90f32_JaffaCakes118
Files
d22f710fef36b4a9186c99fc3db90f32_JaffaCakes118.exe windows:5 windows x86 arch:x86
ba1d53c31465dbe985a5a1eeb57a4125
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED
Imports
msvcrt
wcscmp
__p__fmode
wcsstr
ftell
fwrite
__setusermatherr
wcsncpy
free
_wcsupr
_c_exit
_cexit
_wcmdln
_getpid
realloc
isspace
_errno
wcsrchr
_wcsicmp
wcsncat
_purecall
clearerr
_ftol
_CxxThrowException
netapi32
NetApiBufferSize
NetShareGetInfo
NetWkstaGetInfo
ntdll
towupper
NtQueryQuotaInformationFile
wcstoul
iswctype
user32
SendMessageA
DispatchMessageA
RegisterClassExA
CreateWindowExA
GetDlgItem
GetMessageA
KillTimer
TranslateMessage
ChildWindowFromPoint
UpdateWindow
DestroyWindow
WindowFromPoint
RemoveMenu
SetCursor
GetSubMenu
LockSetForegroundWindow
DeleteMenu
ShowWindow
GetCursorPos
DefWindowProcA
ReleaseDC
PostQuitMessage
ClientToScreen
GetCapture
IsWindow
GetIconInfo
GetActiveWindow
shell32
SHGetDesktopFolder
setupapi
SetupGetIntField
comctl32
ImageList_GetImageCount
InitCommonControlsEx
gdi32
GetMapMode
PatBlt
ole32
CoCreateInstance
CoInitializeSecurity
kernel32
SetEvent
ReleaseMutex
LoadLibraryA
CloseHandle
ReleaseSemaphore
OpenMutexA
GetFileInformationByHandle
GetModuleHandleA
GetLocalTime
PrepareTape
BackupRead
LocalFree
VirtualAlloc
GetCurrentProcessId
GetFileSize
GetVersion
GetLastError
GetProcessHeap
HeapQueryInformation
DeleteCriticalSection
GetProcAddress
GetCurrentThread
SetErrorMode
GetTapeParameters
FreeLibrary
GetUserDefaultLCID
GetCurrentProcess
CreateMutexA
advapi32
RegFlushKey
DeleteAce
OpenProcessToken
InitializeSecurityDescriptor
FreeSid
ControlService
WriteEncryptedFileRaw
RegCloseKey
GetSecurityDescriptorDacl
Sections
.text Size: 838KB - Virtual size: 838KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.data Size: 328KB - Virtual size: 328KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 8KB - Virtual size: 3.1MB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ