d44f9827250a3e6150202503c103b189_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

d44f9827250a3e6150202503c103b189_JaffaCakes118
Size

434KB
MD5

d44f9827250a3e6150202503c103b189
SHA1

de6a82ebe511a651373a75de5d2da18a6a8c4c05
SHA256

a024705b1d1d7941ac1d5732f9119689879be8cb3c19efbfbf9ea601d18a9190
SHA512

6272f2fcaaf9ab5323fb8c7c3cf7d987589ae6f8503d760a6b826e75def93e696b44a21e2ed3a0a65f63178a54669ea263e3f43d2b873267c47a706bdef1bd79
SSDEEP

6144:kpU/1iBI33xvct/k+ebclM0Oebai0jbo5KwIdnABuELsVhCs2jvKtx8roV1:V1333yJFZ+2KsHXBuEL3/sxa+

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
d44f9827250a3e6150202503c103b189_JaffaCakes118

Files

d44f9827250a3e6150202503c103b189_JaffaCakes118
.exe windows:5 windows x86 arch:x86

6a0867ffc690794b54140073db11642d

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

rpcrt4

RpcBindingFree
NdrClientCall2
RpcBindingFromStringBindingW
RpcBindingSetAuthInfoExW

userenv

CreateEnvironmentBlock
DestroyEnvironmentBlock
ExpandEnvironmentStringsForUserW

winsta

WinStationFreeMemory
WinStationEnumerateW
WinStationQueryInformationW

kernel32

CreateDirectoryW
GetSystemWindowsDirectoryW
LoadLibraryExW
GetSystemDirectoryW
CloseHandle
GetCurrentThreadId
GetCurrentProcessId
LocalFree
GetCurrentThread
HeapFree
GetProcessHeap
DuplicateHandle
GetCurrentProcess
ProcessIdToSessionId
GetVersionExW
OpenProcess
FreeLibrary
GetLastError
GetProcAddress
DisconnectNamedPipe
WriteFile
GetOverlappedResult
WaitForMultipleObjects
ReadFile
ResetEvent
CreateEventW
SetEvent
ConnectNamedPipe
WaitForSingleObject
CreateNamedPipeW
HeapAlloc
LeaveCriticalSection
EnterCriticalSection
CreateThread
DeleteCriticalSection
InitializeCriticalSection
CreateMutexW
QueryPerformanceCounter
GetTickCount
GetSystemTimeAsFileTime
TerminateProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
SetLastError
LocalAlloc
GetTempPathW
DisableThreadLibraryCalls

user32

GetUserObjectInformationW
OpenWindowStationW
CloseWindowStation

advapi32

FreeSid
AllocateAndInitializeSid
GetSecurityDescriptorDacl
AccessCheck
AddAccessDeniedAce
DuplicateToken
GetLengthSid
InitializeSecurityDescriptor
SetSecurityDescriptorOwner
SetSecurityDescriptorGroup
InitializeAcl
AddAccessAllowedAce
SetSecurityDescriptorDacl
RegisterServiceCtrlHandlerExW
SetServiceStatus
RegOpenKeyExW
RegQueryValueExW
RegCloseKey
CreateProcessAsUserW
GetSecurityInfo
ImpersonateNamedPipeClient
OpenThreadToken
RevertToSelf
SetNamedSecurityInfoW

Sections

.text
Size: 10KB - Virtual size: 9KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 100KB - Virtual size: 98KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 96KB - Virtual size: 94KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.ndata
Size: 2KB - Virtual size: 328B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.ik
Size: 96KB - Virtual size: 94KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.ocode
Size: 2KB - Virtual size: 46B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.mcode
Size: 2KB - Virtual size: 46B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.kpack
Size: 2KB - Virtual size: 46B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.kpack0
Size: 96KB - Virtual size: 94KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.oaks0
Size: 2KB - Virtual size: 162B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.gbd
Size: 2KB - Virtual size: 48B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.CRT
Size: 2KB - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 16KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 394B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

6a0867ffc690794b54140073db11642d

Headers

DLL Characteristics

File Characteristics

Imports

rpcrt4

userenv

winsta

kernel32

user32

advapi32

Sections

.text Size: 10KB - Virtual size: 9KB

.rdata Size: 100KB - Virtual size: 98KB

.data Size: 2KB - Virtual size: 1KB

.tls Size: 96KB - Virtual size: 94KB

.ndata Size: 2KB - Virtual size: 328B

.ik Size: 96KB - Virtual size: 94KB

.ocode Size: 2KB - Virtual size: 46B

.mcode Size: 2KB - Virtual size: 46B

.kpack Size: 2KB - Virtual size: 46B

.kpack0 Size: 96KB - Virtual size: 94KB

.oaks0 Size: 2KB - Virtual size: 162B

.gbd Size: 2KB - Virtual size: 48B

.CRT Size: 2KB - Virtual size: 12B

.rsrc Size: 16KB - Virtual size: 15KB

.reloc Size: 2KB - Virtual size: 394B

.text
Size: 10KB - Virtual size: 9KB

.rdata
Size: 100KB - Virtual size: 98KB

.data
Size: 2KB - Virtual size: 1KB

.tls
Size: 96KB - Virtual size: 94KB

.ndata
Size: 2KB - Virtual size: 328B

.ik
Size: 96KB - Virtual size: 94KB

.ocode
Size: 2KB - Virtual size: 46B

.mcode
Size: 2KB - Virtual size: 46B

.kpack
Size: 2KB - Virtual size: 46B

.kpack0
Size: 96KB - Virtual size: 94KB

.oaks0
Size: 2KB - Virtual size: 162B

.gbd
Size: 2KB - Virtual size: 48B

.CRT
Size: 2KB - Virtual size: 12B

.rsrc
Size: 16KB - Virtual size: 15KB

.reloc
Size: 2KB - Virtual size: 394B