dffdc89a4bfcf454022d0944501f907d_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

dffdc89a4bfcf454022d0944501f907d_JaffaCakes118
Size

74KB
MD5

dffdc89a4bfcf454022d0944501f907d
SHA1

8a643479a061367a0eeffb7793bc9562c556bc01
SHA256

ece636663f6da04af1997cc4dbafe9c81dbf7f9a94d0abfc2308eddced2c5ded
SHA512

1700e93f0aba6f11500129f493d5c924791ebcfa2378aca541faca8fa6d85037d91e4e06ca38dd178a5af958e58e971088ecab750cf576848f40ac217a48a1a6
SSDEEP

1536:yznExsrTh5neVe6uWEbsL24jJdhhx3A1OGiOXDBPUqcpT2b3euu:yTAsr2Ve6csL2SJXhGqSBPMmu

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
dffdc89a4bfcf454022d0944501f907d_JaffaCakes118

Files

dffdc89a4bfcf454022d0944501f907d_JaffaCakes118
.exe windows:5 windows x86 arch:x86

e9ddf5f8a544b80e6303c519e6e61f08

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

ntdll

ZwOpenThread
RtlImageNtHeader
ZwQuerySystemInformation
RtlAdjustPrivilege
ZwImpersonateThread
ZwQuerySymbolicLinkObject
ZwOpenSymbolicLinkObject
ZwLoadDriver
_snwprintf
strncat
RtlRandom
LdrAddRefDll
ZwMakeTemporaryObject
sscanf
strncpy
strchr
ZwClose
_snprintf
ZwQueryValueKey
ZwOpenKey
RtlInitUnicodeString
RtlEqualUnicodeString
memset
memcpy

shlwapi

SHDeleteKeyA
PathFindFileNameA
PathFileExistsW

imagehlp

CheckSumMappedFile

psapi

GetMappedFileNameW

wininet

InternetConnectA
HttpOpenRequestA
InternetOpenA
HttpSendRequestA
InternetQueryOptionA
InternetSetOptionA
InternetCloseHandle
InternetCrackUrlA

kernel32

DeleteFileW
Sleep
ExitProcess
UnmapViewOfFile
GetFileSize
MapViewOfFile
CreateFileMappingA
CreateFileW
CopyFileW
GetModuleHandleW
GetCurrentProcess
GetModuleHandleA
GetProcAddress
DeleteFileA
GetSystemTime
WritePrivateProfileStringA
GetTickCount
WriteFile
CreateFileA
GetTempFileNameA
GetTempPathA
VirtualFree
CreateThread
CloseHandle
GetLastError
GetVersionExA
MoveFileExW
GetTempPathW
GetModuleFileNameW
VirtualAlloc
GetTempFileNameW

winspool.drv

AddPrintProvidorW
DeletePrintProvidorW

advapi32

CloseServiceHandle
QueryServiceStatusEx
StartServiceA
OpenSCManagerA
OpenServiceA
RegCloseKey
RegSetValueExA
RegCreateKeyA

Sections

.text
Size: 6KB - Virtual size: 5KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tdl
Size: 62KB - Virtual size: 62KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 448B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 612B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

e9ddf5f8a544b80e6303c519e6e61f08

Headers

DLL Characteristics

File Characteristics

Imports

ntdll

shlwapi

imagehlp

psapi

wininet

kernel32

winspool.drv

advapi32

Sections

.text Size: 6KB - Virtual size: 5KB

.rdata Size: 3KB - Virtual size: 2KB

.data Size: - Virtual size: 4KB

.tdl Size: 62KB - Virtual size: 62KB

.rsrc Size: 512B - Virtual size: 448B

.reloc Size: 1024B - Virtual size: 612B

.text
Size: 6KB - Virtual size: 5KB

.rdata
Size: 3KB - Virtual size: 2KB

.data
Size: - Virtual size: 4KB

.tdl
Size: 62KB - Virtual size: 62KB

.rsrc
Size: 512B - Virtual size: 448B

.reloc
Size: 1024B - Virtual size: 612B