Static task: static1
Behavioral task: behavioral1
Sample: dea087eebbb1652f077c0dfa122c96e7_JaffaCakes118.exe
Resource: win7-20240903-en
Behavioral task: behavioral2
Sample: dea087eebbb1652f077c0dfa122c96e7_JaffaCakes118.exe
Resource: win10v2004-20240802-en
General
Target: dea087eebbb1652f077c0dfa122c96e7_JaffaCakes118
Size: 324KB
MD5: dea087eebbb1652f077c0dfa122c96e7
SHA1: 9317fa27a51d7cf695ee439ca76ed6e3c939270e
SHA256: a96bed892e6a4a763d921c74e2497bc1dff3fd3fd051bd75261cac176abe8d53
SHA512: ea4f74769f6f7d4214cb0bed003f74b53a309a612c1d9618017250bc5896d1b7da12a82c2e10d09c1c84e5f0444d289f7c19b432c643a5074681e7ab7561eea5
SSDEEP: 6144:8e9mefx885vUcBB8FvLRQk0OP3PWd8o0YPFG1ZPJTbfE5G0H849Km:/9Fx4czEvLREOP32DFG1Zabc47
Malware Config
Signatures
Unsigned PE (1 IoC)
Checks for missing Authenticode signature.
Resource: dea087eebbb1652f077c0dfa122c96e7_JaffaCakes118
Files
dea087eebbb1652f077c0dfa122c96e7_JaffaCakes118.exe windows:5 windows x86 arch:x86
2decd4ea7244420d7914f0546099d5b1
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
mswsock
GetAcceptExSockaddrs
AcceptEx
rpcrt4
NdrClientCall2
RpcStringFreeW
RpcBindingFromStringBindingW
RpcBindingFree
RpcEpResolveBinding
RpcBindingSetAuthInfoExW
RpcStringBindingComposeW
I_RpcExceptionFilter
kernel32
GetVolumeInformationW
LoadLibraryA
GetCurrentProcessId
GlobalAlloc
GetShortPathNameW
InterlockedIncrement
CreateEventW
TlsFree
GetSystemDefaultUILanguage
WaitForSingleObject
GlobalUnlock
LoadResource
DisableThreadLibraryCalls
GetCurrentProcess
DeleteCriticalSection
SetUnhandledExceptionFilter
lstrcpynW
DelayLoadFailureHook
GetLastError
InitializeCriticalSectionAndSpinCount
GetFullPathNameW
LoadLibraryW
GetSystemTimeAsFileTime
GetProcAddress
FreeResource
ExpandEnvironmentStringsW
SetLastError
GetVersionExA
InterlockedDecrement
FreeLibraryAndExitThread
SetErrorMode
FindResourceExW
FindNextFileW
GlobalReAlloc
lstrcmpiW
GetCurrentThreadId
lstrlenW
lstrcpyA
InterlockedCompareExchange
GlobalLock
LocalFree
ResetEvent
SetEvent
lstrcmpW
WideCharToMultiByte
CreateThread
GetACP
GetModuleFileNameW
FreeLibrary
GetTickCount
QueryPerformanceCounter
SizeofResource
lstrlenA
GetProcessVersion
GetModuleHandleW
DeleteFileW
TerminateProcess
SetCurrentDirectoryW
TlsSetValue
UnhandledExceptionFilter
GetDriveTypeW
GetModuleHandleA
LocalSize
GetFileAttributesW
LocalAlloc
GlobalFree
EnterCriticalSection
GetLocaleInfoW
TlsAlloc
CreateFileW
FindResourceA
FindResourceW
LocalReAlloc
MultiByteToWideChar
GetTempFileNameW
MulDiv
FormatMessageW
GetUserDefaultLCID
LeaveCriticalSection
GetCurrentDirectoryW
InterlockedExchange
CloseHandle
GetProfileStringW
FindClose
TlsGetValue
FindFirstFileW
lstrcpyW
LockResource
dnsapi
DnsReplaceRecordSetW
ntdll
RtlIsNameLegalDOS8Dot3
strlen
NtAllocateVirtualMemory
_chkstk
RtlInitUnicodeStringEx
_wcsicmp
RtlUnicodeToMultiByteSize
RtlUnicodeStringToAnsiString
RtlAnsiStringToUnicodeString
RtlUnwind
wcslen
NtQueryVirtualMemory
userenv
RsopSetPolicySettingStatus
Sections
.text Size: 13KB - Virtual size: 13KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.data Size: 230KB - Virtual size: 1.4MB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rdata Size: 15KB - Virtual size: 15KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 64KB - Virtual size: 63KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.tls Size: 512B - Virtual size: 4KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE