e39b73ada152cdf38c798d4f1a3adcae_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

e39b73ada152cdf38c798d4f1a3adcae_JaffaCakes118
Size

320KB
MD5

e39b73ada152cdf38c798d4f1a3adcae
SHA1

d0930ef2e3c7fe77323fb63100fd47a6e1036b52
SHA256

1910eec1c97db1203b122666d465216b9cf7f5582128a3a0f158852261b296b7
SHA512

bb19cfd02e1a5205a2d4285777a5604ea290b71af938855c31483d28b0ba7ad9ce4809b77801c1dd9a7168830d17ce4029d4ebedd28b84d6b0aa2acfc34bff20
SSDEEP

6144:q+ipCoE71yADLfDWOaBXBo534uwJnFGOmaU5:Nip7E7/L0BY34uU7pw

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
e39b73ada152cdf38c798d4f1a3adcae_JaffaCakes118

Files

e39b73ada152cdf38c798d4f1a3adcae_JaffaCakes118
.exe windows:5 windows x86 arch:x86

5ba511ecbcdde97f0fe38123f6d1d045

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_BIND
IMAGE_DLLCHARACTERISTICS_WDM_DRIVER
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DEBUG_STRIPPED
IMAGE_FILE_SYSTEM
IMAGE_FILE_UP_SYSTEM_ONLY

PDB Paths

C:\elsewhere\enhance\OnConnectionm.pdb

Imports

kernel32

GetLastError
GetProcAddress
VerLanguageNameA
LoadLibraryA
LockResource
GetProfileStringA
WriteProfileStringA
GetThreadPriority
CloseHandle
lstrcpyA
ReadFile
GetProcessHeap
SetEndOfFile
SetThreadPriority
SetPriorityClass
GetStringTypeW
LCMapStringW
HeapReAlloc
FlushFileBuffers
SetStdHandle
WriteConsoleW
SetFilePointer
HeapSize
IsValidCodePage
GetOEMCP
GetACP
GetCPInfo
Sleep
GetSystemTimeAsFileTime
GetCurrentProcessId
GetTickCount
MultiByteToWideChar
lstrcatA
SizeofResource
LoadLibraryW
GetVolumeInformationA
FindResourceExA
GetPriorityClass
GetUserDefaultLangID
WriteFile
GetCurrentThread
GetCurrentProcess
HeapAlloc
LoadResource
SetErrorMode
lstrlenA
FreeResource
FindResourceA
CreateFileA
QueryPerformanceCounter
GetFileType
SetHandleCount
GetEnvironmentStringsW
GetFullPathNameA
FreeEnvironmentStringsW
GetModuleFileNameA
RaiseException
GetConsoleMode
GetConsoleCP
WideCharToMultiByte
IsProcessorFeaturePresent
RtlUnwind
HeapCreate
GetModuleFileNameW
GetStdHandle
InterlockedDecrement
GetCurrentThreadId
GetModuleHandleW
ExitProcess
DecodePointer
HeapFree
GetCommandLineA
HeapSetInformation
GetStartupInfoW
InitializeCriticalSectionAndSpinCount
DeleteCriticalSection
LeaveCriticalSection
EnterCriticalSection
EncodePointer
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
TerminateProcess
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
InterlockedIncrement
SetLastError
CreateFileW

user32

KillTimer
LookupIconIdFromDirectory
DialogBoxParamA
UpdateWindow
CreateIconFromResource
DefWindowProcA
EndDialog
GetClassNameW
InvalidateRect
GetWindowTextA
GetDC
BeginPaint
SendMessageA
GetWindowTextLengthA
EndPaint
DestroyWindow
GetClientRect
SendDlgItemMessageA
SetTimer
DrawTextA
LoadMenuA
wsprintfA

gdi32

GetTextExtentPoint32A
LineTo
SetTextColor
CreateFontA
GetDeviceCaps
CreateFontIndirectA
DeleteObject
SelectObject
Rectangle
SaveDC
SetDCPenColor
CreatePen
GetStockObject
RestoreDC
EnumFontsA
TextOutA
MoveToEx

advapi32

OpenSCManagerA

version

VerQueryValueA
GetFileVersionInfoSizeA
GetFileVersionInfoA

comctl32

ord16

pdh

PdhUpdateLogFileCatalog
PdhSetCounterScaleFactor

rasapi32

RasGetErrorStringA
RasEnumConnectionsA

Sections

.text
Size: 71KB - Virtual size: 70KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 19KB - Virtual size: 19KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 5KB - Virtual size: 44KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.mss
Size: 145KB - Virtual size: 144KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.relong
Size: 55KB - Virtual size: 54KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.mata
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.try
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.get
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 10KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

5ba511ecbcdde97f0fe38123f6d1d045

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

user32

gdi32

advapi32

version

comctl32

pdh

rasapi32

Sections

.text Size: 71KB - Virtual size: 70KB

.rdata Size: 19KB - Virtual size: 19KB

.data Size: 5KB - Virtual size: 44KB

.mss Size: 145KB - Virtual size: 144KB

.relong Size: 55KB - Virtual size: 54KB

.mata Size: 5KB - Virtual size: 4KB

.try Size: 3KB - Virtual size: 3KB

.get Size: 3KB - Virtual size: 3KB

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 10KB - Virtual size: 10KB

.text
Size: 71KB - Virtual size: 70KB

.rdata
Size: 19KB - Virtual size: 19KB

.data
Size: 5KB - Virtual size: 44KB

.mss
Size: 145KB - Virtual size: 144KB

.relong
Size: 55KB - Virtual size: 54KB

.mata
Size: 5KB - Virtual size: 4KB

.try
Size: 3KB - Virtual size: 3KB

.get
Size: 3KB - Virtual size: 3KB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 10KB - Virtual size: 10KB