da0f6cbf3684d03a69b7a453304040d7_JaffaCakes118

General

Target

da0f6cbf3684d03a69b7a453304040d7_JaffaCakes118
Size

386KB
MD5

da0f6cbf3684d03a69b7a453304040d7
SHA1

0429468ca1e0fa27b63452563d8092cf2899f897
SHA256

48e908c586746dbb7caae0a0071daf608ad41734bdb866c26370b639936cdeaf
SHA512

12a30120309b7705ceb0cdd01ce71122731a0920f7c599d5946d282328ab2a0362457d4562b70731df2b01c1616cc7721c5d912b99c26b95875bf122f2c1b13f
SSDEEP

6144:oUlWQ0j416LhVRFmhTysSVKq0aPIbqZ30sPihnChW7GwthJDSIobn:Zl+Fh4PvaPIKPihChWiwtCImn

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
da0f6cbf3684d03a69b7a453304040d7_JaffaCakes118

Files

da0f6cbf3684d03a69b7a453304040d7_JaffaCakes118
.exe windows:5 windows x86 arch:x86

552829d8b0f7b8ed1a5688f5a076799b

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

advapi32

RegOpenCurrentUser
AccessCheckByTypeAndAuditAlarmW
RegOpenKeyExA
ConvertAccessToSecurityDescriptorA
QueryWindows31FilesMigration
ImpersonateLoggedOnUser
RegEnumKeyA
ChangeServiceConfigA
SystemFunction028

kernel32

GlobalAddAtomA
NlsConvertIntegerToString
RtlZeroMemory
LockFileEx
CompareStringW
DosPathToSessionPathA
EnumSystemLanguageGroupsW
GetConsoleCommandHistoryA
_llseek
MoveFileW
SetEvent
EnumCalendarInfoW
GetConsoleWindow
GetConsoleNlsMode
SetConsoleCtrlHandler

user32

PeekMessageA
DdeGetLastError
GetSystemMenu
GetLastInputInfo
SendMessageCallbackA
DestroyWindow
WinHelpA
NotifyWinEvent

msvcrt

_mbsspnp
_rotr
_wexecl
_timezone
_i64toa
vsprintf
isleadbyte
_finite
_utime
_wfindnext

ole32

RevokeDragDrop
CreateErrorInfo
CoWaitForMultipleHandles
StgOpenAsyncDocfileOnIFillLockBytes
WdtpInterfacePointer_UserFree
CoUninitialize
SetConvertStg

gdi32

GdiGetSpoolMessage
CheckColorsInGamut
GdiConvertEnhMetaFile
EngPlgBlt
GdiEntry8
SetRelAbs

Sections

.text
Size: 382KB - Virtual size: 382KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 549KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

552829d8b0f7b8ed1a5688f5a076799b

Headers

DLL Characteristics

File Characteristics

Imports

advapi32

kernel32

user32

msvcrt

ole32

gdi32

Sections

.text Size: 382KB - Virtual size: 382KB

.data Size: 2KB - Virtual size: 3KB

.rsrc Size: 1024B - Virtual size: 549KB

.text
Size: 382KB - Virtual size: 382KB

.data
Size: 2KB - Virtual size: 3KB

.rsrc
Size: 1024B - Virtual size: 549KB