dc1b16d18b5a7bd58fb8002dc33c69e1_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

dc1b16d18b5a7bd58fb8002dc33c69e1_JaffaCakes118
Size

451KB
MD5

dc1b16d18b5a7bd58fb8002dc33c69e1
SHA1

522cc09ed47e9e34ae1684ac841ca9eb1a05f9f9
SHA256

cc79082a92729cd222e51a0f8ccb55bfb53e90127d5047fb42d9df9971387452
SHA512

d318a04784e4eccaca9ca6892446459f7e4387cded138739ef7d67dd0bdffa0a598dc21d07b9f79a35af8add48c979ba0494c61a855c3e3183fe43f4f79c1c70
SSDEEP

3072:cpzIzSg4fMyTHQuIlur0qM5lKdAmebh372lmg9g52oigI75ehCb2dbLriMos/C:cFgyTHQdw0v5lKdkbhr2wgGC

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
dc1b16d18b5a7bd58fb8002dc33c69e1_JaffaCakes118

Files

dc1b16d18b5a7bd58fb8002dc33c69e1_JaffaCakes118
.exe windows:5 windows x86 arch:x86

fd0c2a04d8f21ab03c9d1291f83ef2e0

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

3\\qwhW#jerjw\erjw#HJERjwr\\.pdb

Imports

ws2_32

listen

msvcrt

strcmp
fputws
fputc
strspn
fgetws
memset
_time64
_localtime64
fread

powrprof

GetPwrCapabilities

gdi32

FrameRgn
GetTextExtentPointW
SetStretchBltMode
GdiSetBatchLimit
RestoreDC
GetViewportExtEx
GetPaletteEntries
GetWorldTransform
GetTextAlign
ExtTextOutA
GetPath
GetTextFaceA
GetBkColor
DeleteMetaFile
GetTextExtentPoint32W
GetObjectW
GetTextExtentExPointW
GetCharWidth32W
GetBitmapBits

secur32

GetComputerObjectNameW
InitializeSecurityContextA
EnumerateSecurityPackagesW

advapi32

LookupPrivilegeNameW
GetUserNameW
GetUserNameA
GetEventLogInformation
InitializeSecurityDescriptor
ImpersonateSelf
LookupPrivilegeNameA
IsTokenRestricted

oleaut32

VarCyMul
LoadRegTypeLi
GetRecordInfoFromTypeInfo

user32

LoadMenuW
GetWindowRgnBox
GetWindowPlacement
GetSysColor
GetCaretBlinkTime
GetClassInfoW
GetClassInfoA
IsRectEmpty
LoadBitmapW
GetComboBoxInfo
GetWindowThreadProcessId
GetSystemMenu
GetClientRect
GetKeyboardLayoutList
GetClassLongA
GetMenuContextHelpId
ModifyMenuA
DrawMenuBar
GetMenuStringA
DialogBoxParamA
GetTabbedTextExtentA
GetSysColorBrush
GetDlgItemInt
DestroyCursor
GetUpdateRect
DefWindowProcW
GetCaretPos
DefFrameProcW
GetMenuState
GetClassInfoExA
LoadImageA
LoadAcceleratorsW
LockSetForegroundWindow
DdeSetUserHandle
LogicalToPhysicalPoint
DestroyWindow
GetMenuItemID
GetScrollInfo
UpdateWindow
wsprintfA
DrawTextW
GetTitleBarInfo
LoadStringW
LoadCursorFromFileA
ExcludeUpdateRgn
GetDoubleClickTime
LoadMenuA
FlashWindowEx
DeregisterShellHookWindow
FindWindowA
GetShellWindow
LoadAcceleratorsA

winspool.drv

FindFirstPrinterChangeNotification
DeletePrinterDriverW
GetPrinterDriverDirectoryA

shell32

ExtractIconExW
ExtractAssociatedIconA
FindExecutableA

kernel32

LocalFree
FindFirstFileExA
GetPrivateProfileSectionA
GlobalGetAtomNameW
GetShortPathNameW
GetTempPathA
GetVolumePathNamesForVolumeNameW
GetWindowsDirectoryW
FindActCtxSectionStringW
DefineDosDeviceW
GetDefaultCommConfigW
GetVolumePathNameW
EnumSystemLocalesA
FileTimeToSystemTime
GetConsoleTitleA
GetProfileSectionA
GetFileAttributesExW
FileTimeToDosDateTime
IsValidLocale
EnumUILanguagesW
DeviceIoControl
GetCompressedFileSizeW
LockFileEx
VirtualAllocEx
FreeConsole
LocalFlags
GetThreadTimes
GetCurrentConsoleFont
GetComputerNameA
GetConsoleCP
GetStartupInfoA
FindResourceW
GetTimeFormatW
DeactivateActCtx
GetSystemPowerStatus
EnumResourceTypesA
LocalHandle
GetTickCount
GetLargestConsoleWindowSize
GetProcAddress
SleepEx
GetOEMCP
GetOverlappedResult
IsProcessorFeaturePresent
ResumeThread
GetProcessId
ApplicationRecoveryInProgress
FlushProcessWriteBuffers
GetBinaryTypeA
GetModuleHandleW
Sleep
GetSystemDirectoryA
LoadResource
GetExitCodeProcess
GetLocaleInfoW
DecodePointer

version

GetFileVersionInfoA

comdlg32

GetOpenFileNameW

wininet

FindFirstUrlCacheEntryExW
InternetInitializeAutoProxyDll
DeleteUrlCacheEntryW

mscms

GetStandardColorSpaceProfileW

urlmon

GetClassFileOrMime
FaultInIEFeature
CoInternetIsFeatureEnabled

Sections

.text
Size: 40KB - Virtual size: 40KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.P
Size: 363KB - Virtual size: 371KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 40KB - Virtual size: 40KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

fd0c2a04d8f21ab03c9d1291f83ef2e0

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

ws2_32

msvcrt

powrprof

gdi32

secur32

advapi32

oleaut32

user32

winspool.drv

shell32

kernel32

version

comdlg32

wininet

mscms

urlmon

Sections

.text Size: 40KB - Virtual size: 40KB

.P Size: 363KB - Virtual size: 371KB

.idata Size: 5KB - Virtual size: 5KB

.rsrc Size: 40KB - Virtual size: 40KB

.text
Size: 40KB - Virtual size: 40KB

.P
Size: 363KB - Virtual size: 371KB

.idata
Size: 5KB - Virtual size: 5KB

.rsrc
Size: 40KB - Virtual size: 40KB