d9954f313034d1afcfc6a34e51c3e90b_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

d9954f313034d1afcfc6a34e51c3e90b_JaffaCakes118
Size

64KB
MD5

d9954f313034d1afcfc6a34e51c3e90b
SHA1

c5ec865deb28309a03eaac31b11b7be8297fca47
SHA256

197f2989612c725a8b0543f63bf91c8302b9b00cbbd4a70aa900ea0005a1d98d
SHA512

12ce90e6ac3a979b7f1aa1520a1e7a8b55fda3372e21231642eca18132e6c199ee7b7dec2470065a62a135d5daeb57d3761d3f7308c59431dadccae0e1d42da9
SSDEEP

1536:FGry8j/3mJLI81FuprEGC5LE31DyiNZLCr2xTa:6yQvwdFpjL2DdZuZ

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
d9954f313034d1afcfc6a34e51c3e90b_JaffaCakes118

Files

d9954f313034d1afcfc6a34e51c3e90b_JaffaCakes118
.exe windows:5 windows x86 arch:x86

77b2d8f83bc2c3d374d1b49202d6e53d

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetStartupInfoA
GetProcessWorkingSetSize
LZDone
GetModuleHandleW
CreateProcessA
VirtualAlloc
ReadFileScatter
EnumerateLocalComputerNamesW
LoadLibraryW
GetCurrentProcessId
GetGeoInfoW
ReadDirectoryChangesW
GetProcAddress
GetCurrentThreadId
SetConsoleTitleA
QueryPerformanceCounter
GetComputerNameA
HeapReAlloc
GetSystemTimeAsFileTime
GetTickCount
LoadLibraryA

polstore

IPSecCreateNFAData
IPSecCreateFilterData
IPSecCopyFilterData
IPSecFreeNFAData
IPSecFreeFilterData
IPSecAllocPolMem
IPSecEnumFilterData
IPSecFreeMulISAKMPData
IPSecCopyPolicyData
IPSecSetFilterData
IPSecDeleteFilterData
IPSecCreateNegPolData
IPSecCopyFilterSpec
IPSecImportPolicies
IPSecGetNegPolData
IPSecGetFilterData
IPSecFreeISAKMPData

mscms

GetPS2ColorRenderingDictionary
ConvertColorNameToIndex
EnumColorProfilesA
InstallColorProfileA
GenerateCopyFilePaths
GetColorProfileHeader
GetColorProfileElementTag
SetStandardColorSpaceProfileA
InternalGetPS2CSAFromLCS
GetNamedProfileInfo
GetCountColorProfileElements
CheckColors
GetStandardColorSpaceProfileA
GetCMMInfo
SetColorProfileElementSize

usp10

ScriptCacheGetHeight
ScriptShape
ScriptPlace
ScriptApplyLogicalWidth
ScriptCPtoX
ScriptString_pcOutChars
ScriptGetLogicalWidths
ScriptString_pLogAttr
UspAllocCache
ScriptTextOut
ScriptGetCMap
UspFreeMem
ScriptStringOut
UspAllocTemp
ScriptXtoCP
ScriptString_pSize
ScriptRecordDigitSubstitution

msvcrt40

vsprintf
_putw
_ismbcalpha
??5istream@@QAEAAV0@P6AAAVios@@AAV1@@Z@Z
?peek@istream@@QAEHXZ
setvbuf
??4ostrstream@@QAEAAV0@ABV0@@Z
_winver
_fgetwchar
??_Gstrstreambuf@@UAEPAXI@Z
_heapset
?get@istream@@QAEAAV1@AAC@Z
??_Gstdiobuf@@UAEPAXI@Z
?str@istrstream@@QAEPADXZ
getenv

mfc40

DllGetClassObject
DllUnregisterServer
DllRegisterServer
DllCanUnloadNow

Sections

.text
Size: 25KB - Virtual size: 24KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 9KB - Virtual size: 62KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 20KB - Virtual size: 19KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 500B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

77b2d8f83bc2c3d374d1b49202d6e53d

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

polstore

mscms

usp10

msvcrt40

mfc40

Sections

.text Size: 25KB - Virtual size: 24KB

.rdata Size: 8KB - Virtual size: 8KB

.data Size: 9KB - Virtual size: 62KB

.rsrc Size: 20KB - Virtual size: 19KB

.reloc Size: 512B - Virtual size: 500B

.text
Size: 25KB - Virtual size: 24KB

.rdata
Size: 8KB - Virtual size: 8KB

.data
Size: 9KB - Virtual size: 62KB

.rsrc
Size: 20KB - Virtual size: 19KB

.reloc
Size: 512B - Virtual size: 500B