RPCPing.pdb
Static task
static1
Behavioral task
behavioral1
Sample
d29e1b493e8aaab9bb55892f16d28a63_JaffaCakes118.exe
Resource
win7-20240903-en
Behavioral task
behavioral2
Sample
d29e1b493e8aaab9bb55892f16d28a63_JaffaCakes118.exe
Resource
win10v2004-20240802-en
General
Target: d29e1b493e8aaab9bb55892f16d28a63_JaffaCakes118
Size: 62KB
MD5: d29e1b493e8aaab9bb55892f16d28a63
SHA1: 575a9bf3623ba674155eee68e42ebb5d389f39c4
SHA256: 7c4ed9e287d22eab0768898251002cde2354ac5df0e3de14a94dc906a26d05af
SHA512: dbb8bc580c93bf1beb7ca5ac337b2b4f8333494933590cf50c6130c3b79ea745c5424da76a7f467e00879fab28f133548d5a2ba3ae2548d5daa0bc7a064ce79b
SSDEEP: 768:c4RGOd/DF8fiyG3bXHtlIrP7KhBlT57fFUlcV2bpLTw0gcjMhfGiDz2PRmc:NRGg33bdlSUnT1tUlcV8dThxMxGiJc
Malware Config
Signatures
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource d29e1b493e8aaab9bb55892f16d28a63_JaffaCakes118
Files
d29e1b493e8aaab9bb55892f16d28a63_JaffaCakes118.exe windows:6 windows x86 arch:x86
2c7ea1f046a80a4d02174a4ba61467ec
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
PDB Paths
Imports
advapi32
RegQueryValueExW
RegOpenKeyExW
EventActivityIdControl
ConvertStringSidToSidW
RegCloseKey
kernel32
GetProcessHeap
HeapFree
GetTickCount
GetStdHandle
SetThreadPreferredUILanguages
HeapSetInformation
GetLastError
SetThreadUILanguage
GetComputerNameW
GetProcAddress
LoadLibraryW
GetModuleHandleW
HeapAlloc
FormatMessageW
LocalFree
WriteConsoleW
WideCharToMultiByte
WriteFile
GetFileType
GetConsoleMode
UnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
GetSystemTimeAsFileTime
GetCurrentProcessId
FileTimeToSystemTime
QueryPerformanceCounter
GetModuleHandleA
SetUnhandledExceptionFilter
InterlockedCompareExchange
Sleep
MultiByteToWideChar
InterlockedExchange
GetCurrentThreadId
msvcrt
malloc
_controlfp
_except_handler4_common
?terminate@@YAXXZ
__set_app_type
__p__fmode
__p__commode
__setusermatherr
_amsg_exit
_initterm
_XcptFilter
_exit
_cexit
__wgetmainargs
memset
memcpy
fprintf
_iob
_wcsicmp
exit
printf
free
wcstol
getchar
_getch
wcschr
wcsstr
_wtoi
rpcrt4
RpcErrorLoadErrorInfo
RpcErrorEndEnumeration
RpcErrorClearInformation
RpcErrorSaveErrorInfo
RpcErrorResetEnumeration
RpcErrorGetNextRecord
RpcErrorGetNumberOfRecords
RpcErrorStartEnumeration
RpcMgmtStatsVectorFree
RpcMgmtInqStats
RpcEpResolveBinding
RpcBindingSetAuthInfoExW
RpcBindingFromStringBindingW
RpcStringBindingComposeW
UuidToStringW
UuidCreate
RpcCertGeneratePrincipalNameW
UuidFromStringW
RpcStringFreeW
I_RpcCertProcessAndProvision
ntdll
WinSqmIsOptedIn
WinSqmIncrementDWORD
winhttp
WinHttpSetCredentials
WinHttpCloseHandle
WinHttpOpenRequest
WinHttpConnect
WinHttpOpen
WinHttpSendRequest
WinHttpReceiveResponse
WinHttpQueryAuthSchemes
WinHttpSetOption
WinHttpQueryHeaders
WinHttpQueryOption
crypt32
CertFreeCertificateContext
credui
SspiPromptForCredentialsW
CredUIPromptForCredentialsW
rpcdiag
RpcDiagnoseError
sspicli
SspiEncodeStringsAsAuthIdentity
SspiEncodeAuthIdentityAsStrings
Sections
.text Size: 28KB - Virtual size: 28KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.data Size: 512B - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 2KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 30KB - Virtual size: 104KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE