ea470d8e986efa442c4476480a1b848b_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

ea470d8e986efa442c4476480a1b848b_JaffaCakes118
Size

592KB
MD5

ea470d8e986efa442c4476480a1b848b
SHA1

a2a851f329e6fc62ed6fed8170d972c71adbae98
SHA256

423b87c8504897f9c8c875e12cc4644aa64579981897d28f26dfd52ac054f62b
SHA512

d452992f00abf1132bfafa488552e1aef0f2d162972ed38ac360d900cf59b5b0a68178e7158c0cde029c80ef209466d02220afa7b3ff7f065d0d1a596eade669
SSDEEP

12288:MDQ+Sriu5pgUidJHxNCUci+bCu3BTu0bjfZHlzuQq68pmrMKyoOmWZ1f6Pt:+VSripldJRNFbMc0xlzmBRZd

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
ea470d8e986efa442c4476480a1b848b_JaffaCakes118

Files

ea470d8e986efa442c4476480a1b848b_JaffaCakes118
.exe windows:5 windows x86 arch:x86

63c180374ce1865596096bb748de9a88

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

userenv

FreeGPOListW
CreateEnvironmentBlock
GetProfilesDirectoryW
RegisterGPNotification
UnregisterGPNotification
ExpandEnvironmentStringsForUserW

kernel32

VirtualAlloc
VirtualFree
VerifyVersionInfoW
VerLanguageNameW
VerLanguageNameA
CreateNamedPipeW
EndUpdateResourceW
EnumLanguageGroupLocalesA
EnumResourceLanguagesA
ExitProcess
FindVolumeClose
GetACP
GetAtomNameW
GetCPInfo
GetCommandLineA
GetDriveTypeA
GetPrivateProfileIntA
GetSystemDirectoryW
GetSystemWindowsDirectoryW
GetTimeZoneInformation
GlobalDeleteAtom
GlobalWire
HeapAlloc
IsDBCSLeadByte
OpenMutexA
QueueUserAPC
QueueUserWorkItem
RtlZeroMemory
SetCurrentDirectoryA
SetHandleInformation
SetLastError
SetUnhandledExceptionFilter
UnregisterWaitEx

crtdll

_memicmp
strspn
strcoll
ldiv
iswgraph
_mbsspnp
_mbcjistojms
_exit
_finite
_fpreset
_ismbcl1
_loaddll
_locking

ntdll

NtFreeUserPhysicalPages
RtlNtStatusToDosError
RtlValidRelativeSecurityDescriptor
ZwAlertResumeThread
ZwPowerInformation
RtlConvertUiListToApiList
NtSetInformationObject
NtRaiseException

rpcrt4

RpcSsFree
UuidFromStringA
char_from_ndr
short_from_ndr_temp
tree_into_ndr
RpcServerYield
CStdStubBuffer_CountRefs
RpcBindingReset
RpcServerRegisterIf
RpcServerUseAllProtseqsEx
RpcServerUseProtseqEpA

version

GetFileVersionInfoSizeA
VerInstallFileA
VerInstallFileW
VerQueryValueW
GetFileVersionInfoA

Exports

Exports

HcfJgw
OlrnnvimkRpe
SgEzmb
Texwj
gqbqqheRyxgnvZc
icwxcnmVmebXXMgqw
kosCRamzoxbxJzeajki
kwfzemeprsbNxtt
nfcmOxhawi
robnlbHiAdrLnLwnO
wOlfyiefgtfieqdq
wcyAufexptcqwkm
xiSkudcqkuXdjfJ

Sections

.text
Size: 34KB - Virtual size: 34KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 505KB - Virtual size: 507KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 51KB - Virtual size: 51KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

63c180374ce1865596096bb748de9a88

Headers

File Characteristics

Imports

userenv

kernel32

crtdll

ntdll

rpcrt4

version

Exports

Exports

Sections

.text Size: 34KB - Virtual size: 34KB

.data Size: 505KB - Virtual size: 507KB

.rsrc Size: 51KB - Virtual size: 51KB

.text
Size: 34KB - Virtual size: 34KB

.data
Size: 505KB - Virtual size: 507KB

.rsrc
Size: 51KB - Virtual size: 51KB