d42dbba27dc711e5b4a3f4bf83967049_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

d42dbba27dc711e5b4a3f4bf83967049_JaffaCakes118
Size

218KB
MD5

d42dbba27dc711e5b4a3f4bf83967049
SHA1

669a023ae4420eae9f03f967547dcbb0a4a5a509
SHA256

1d73bc903d3c98a510bf580a62aca1514e8ca935180657de4c7403969d15283a
SHA512

25f77c9c8159b1d75f1ba4a3c6760908f799e261c0d7581b1bd1cc607ed83f0636504cb70b6ec73f660b20f14e439a3326eaf92a902d166ca5b874e0b697faa4
SSDEEP

3072:DB+Cq2qguyCO9JgYnk37UwpjXjqK+eZtNJkXjeH+LbSZUJXuRBAmOzOa1+4WD7:DF6gxNgYnk37UwpDjqK3ZnD

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
d42dbba27dc711e5b4a3f4bf83967049_JaffaCakes118

Files

d42dbba27dc711e5b4a3f4bf83967049_JaffaCakes118
.exe windows:5 windows x86 arch:x86

1be4c4d2070663625340eb292d4313b3

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_SYSTEM

Imports

ws2_32

shutdown
getservbyname

rasapi32

RasGetEapUserIdentityA

advapi32

LogonUserA
TreeResetNamedSecurityInfoW
EqualPrefixSid
InitiateSystemShutdownA
QueryUsersOnEncryptedFile
CryptHashSessionKey
LookupPrivilegeNameW
GetServiceDisplayNameW
GetSidIdentifierAuthority

wininet

FindNextUrlCacheEntryW
InternetGoOnline
DeleteUrlCacheEntryW

setupapi

SetupDiGetClassDescriptionExW

kernel32

GetModuleHandleA
QueryIdleProcessorCycleTime
GetConsoleMode
GetFileType
FlsGetValue
FindAtomW
GetOverlappedResult
GetSystemTime
FlushFileBuffers
GetVolumeInformationA
GetWindowsDirectoryA
EnumResourceTypesA
LocalFree
GetTimeZoneInformation
GetSystemWindowsDirectoryA
IsWow64Process
GetSystemPowerStatus
GetModuleFileNameW
GetComputerNameExW
MapViewOfFile
FindResourceExW
GetThreadSelectorEntry
GetCurrentProcess
WriteProfileStringA
GetPrivateProfileStringA
IsValidLocale
GetPrivateProfileSectionW
GetTapePosition
EnumResourceNamesW
DebugActiveProcess
GetShortPathNameA
GetExitCodeThread
GetCurrentThread
GetThreadLocale
GetTimeFormatW
GlobalAddAtomA
GetProfileSectionA
GetLocalTime
GetPrivateProfileIntW
LocalUnlock
GetSystemDirectoryA
GetTapeStatus
GetVolumePathNamesForVolumeNameW
GetAtomNameA
GetLogicalDrives
GetConsoleCursorInfo
GetCurrentDirectoryA
ReadFile
DeactivateActCtx

rpcrt4

RpcServerListen
RpcRaiseException

user32

GetWindowTextA
DestroyCaret
LoadCursorW
IsWindowVisible
GetMenuContextHelpId
GetDialogBaseUnits
GetMenuItemRect
GetPriorityClipboardFormat
DrawTextW
GetWindowRgn
GetKeyboardLayout
ChangeMenuA
ReleaseCapture
ExcludeUpdateRgn
LockWorkStation
DrawMenuBar
GetWindowLongW
GetTabbedTextExtentW
GetThreadDesktop
PostQuitMessage
GetMenuState
GetComboBoxInfo
CharNextW
GetLastActivePopup
GetMenuItemCount
DeferWindowPos
LookupIconIdFromDirectoryEx
GetWindowPlacement
LoadAcceleratorsA
FindWindowW
CreateIconFromResource
FlashWindowEx
DdeClientTransaction

esent

JetTerm2

ole32

CoUninitialize
CoTaskMemFree
MkParseDisplayName

version

GetFileVersionInfoSizeW

oleaut32

SystemTimeToVariantTime
VariantTimeToSystemTime
GetRecordInfoFromGuids
LoadTypeLi

shlwapi

GetMenuPosFromID
HashData
SHDeleteValueA

shell32

ExtractIconA

urlmon

CoGetClassObjectFromURL

gdi32

GetCurrentPositionEx
GetFontLanguageInfo
GetPolyFillMode
GetObjectType
GetLogColorSpaceA
GetObjectW

winspool.drv

DeletePortW

secur32

DecryptMessage

msvcrt

fgetws
fputws
realloc
strcmp

clusapi

GetClusterFromResource

winmm

mmioSendMessage

Sections

.text
Size: 126KB - Virtual size: 125KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

CODE
Size: 85KB - Virtual size: 93KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

CONST
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_READ

.crt1
Size: 1024B - Virtual size: 944B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

1be4c4d2070663625340eb292d4313b3

Headers

DLL Characteristics

File Characteristics

Imports

ws2_32

rasapi32

advapi32

wininet

setupapi

kernel32

rpcrt4

user32

esent

ole32

version

oleaut32

shlwapi

shell32

urlmon

gdi32

winspool.drv

secur32

msvcrt

clusapi

winmm

Sections

.text Size: 126KB - Virtual size: 125KB

CODE Size: 85KB - Virtual size: 93KB

CONST Size: 5KB - Virtual size: 4KB

.crt1 Size: 1024B - Virtual size: 944B

.text
Size: 126KB - Virtual size: 125KB

CODE
Size: 85KB - Virtual size: 93KB

CONST
Size: 5KB - Virtual size: 4KB

.crt1
Size: 1024B - Virtual size: 944B