d9647807efd2fbdecfc3c164587fa401_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

d9647807efd2fbdecfc3c164587fa401_JaffaCakes118
Size

360KB
MD5

d9647807efd2fbdecfc3c164587fa401
SHA1

5039e959189cc5157e3eee400f50c06b9e0e59d8
SHA256

36c60f479d584f8d83e15203986dd14653e214be0c68d33e6ddfa6ad3cbd1157
SHA512

1252b5747fbaa28c7b9dfe2e8a237c4737ababd5c4a0f36818e47a222b9aad9ad0a62bb96869f9de22cff6b44901130361fc66421ede8059258972d13cf29724
SSDEEP

6144:179fwBzJ9IT+jHRwWsc3EEqkv2OOqsJMBmPd:1Bw9J0+j6WRA0VOqsUsd

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
d9647807efd2fbdecfc3c164587fa401_JaffaCakes118

Files

d9647807efd2fbdecfc3c164587fa401_JaffaCakes118
.exe windows:5 windows x86 arch:x86

aeba7fff055f57fd711b5a06922b6d3c

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

EWJERj#@$Jtejwre.pdb

Imports

ws2_32

listen

winspool.drv

GetPrinterW
DocumentPropertiesW
EndDocPrinter

oleaut32

SafeArrayLock
CreateTypeLi

secur32

QuerySecurityPackageInfoW

wintrust

WTHelperGetProvSignerFromChain

advapi32

RegDisablePredefinedCache
QueryUsersOnEncryptedFile
LookupPrivilegeValueW
TreeResetNamedSecurityInfoW
CreateRestrictedToken
SetSecurityDescriptorSacl

winmm

PlaySoundW

shlwapi

StrToIntExW
SHCopyKeyW

imm32

ImmSimulateHotKey
ImmSetCompositionWindow

opengl32

glMapGrid1f

msacm32

acmDriverEnum

rasapi32

RasSetCustomAuthDataW

msvfw32

ICCompressorFree

msvcrt

fprintf

ole32

CoGetObject

gdi32

GetTextExtentExPointA
GetEnhMetaFilePaletteEntries
EnumFontsA
GetPaletteEntries
CreateMetaFileA
CreateSolidBrush

wininet

FtpOpenFileA

crypt32

CryptInstallDefaultContext

user32

IsClipboardFormatAvailable
MonitorFromPoint
TrackPopupMenuEx
TranslateAcceleratorA
ModifyMenuA
EndDialog

kernel32

UnlockFileEx
GetSystemWow64DirectoryA
CreateSemaphoreA
GetModuleHandleA
GetDefaultCommConfigA
CallNamedPipeW
GetBinaryTypeW
GetNamedPipeHandleStateA
FindCloseChangeNotification
GetSystemPowerStatus
CopyFileA
OpenSemaphoreA
GetBinaryTypeA

ntdsapi

DsBindWithCredA

rpcrt4

RpcBindingSetAuthInfoExA
UuidToStringW
I_RpcSessionStrictContextHandle

setupapi

SetupDiEnumDeviceInfo
SetupDiGetClassInstallParamsA
SetupDiBuildClassInfoListExW
SetupGetLineTextA
SetupQueueCopyIndirectW

esent

JetCommitTransaction

Sections

.text
Size: 216KB - Virtual size: 212KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 48KB - Virtual size: 54KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 68KB - Virtual size: 66KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 20KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

aeba7fff055f57fd711b5a06922b6d3c

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

ws2_32

winspool.drv

oleaut32

secur32

wintrust

advapi32

winmm

shlwapi

imm32

opengl32

msacm32

rasapi32

msvfw32

msvcrt

ole32

gdi32

wininet

crypt32

user32

kernel32

ntdsapi

rpcrt4

setupapi

esent

Sections

.text Size: 216KB - Virtual size: 212KB

.data Size: 48KB - Virtual size: 54KB

.idata Size: 4KB - Virtual size: 2KB

.rsrc Size: 68KB - Virtual size: 66KB

.reloc Size: 20KB - Virtual size: 16KB

.text
Size: 216KB - Virtual size: 212KB

.data
Size: 48KB - Virtual size: 54KB

.idata
Size: 4KB - Virtual size: 2KB

.rsrc
Size: 68KB - Virtual size: 66KB

.reloc
Size: 20KB - Virtual size: 16KB