Static task: static1
Behavioral task: behavioral1
  Sample: ef1c6973c505a11ccbf29b34cd2640ed_JaffaCakes118.exe
  Resource: win7-20240903-en
Behavioral task: behavioral2
  Sample: ef1c6973c505a11ccbf29b34cd2640ed_JaffaCakes118.exe
  Resource: win10v2004-20240802-en
General
- Target: ef1c6973c505a11ccbf29b34cd2640ed_JaffaCakes118
- Size: 263KB
- MD5: ef1c6973c505a11ccbf29b34cd2640ed
- SHA1: 7ad900e06cfdcc8fcac16d4e08799ce0c0e08fec
- SHA256: 8cf895785c345803c073616c824e0f06cd3270c95326e19d3ca5d6ce2f9cb27f
- SHA512: 10a8311a2d482fdead660647aff80dc3830b0d6dbb75d3eab8c0d09f6bdf5052ea627eb209bc863826679e8700eae8be8b7f2017f934ceb2cf91c8e1f6370d6d
- SSDEEP: 6144:eYz/3Ii7iiYGDw/fPvLdb3UrIoSmB+zFg3hJUCiJIeR:eYz/Yi7iiYQQPvRb3UX1SJJn
Malware Config
Signatures
- Unsigned PE (1 IoC)
  Checks for missing Authenticode signature.
  resource: ef1c6973c505a11ccbf29b34cd2640ed_JaffaCakes118
Files
- ef1c6973c505a11ccbf29b34cd2640ed_JaffaCakes118.exe windows:4 windows x86 arch:x86
  Imphash: 3f07ef2876002f5051e05c7700d73218
Headers
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
Imports
userenv: UnloadUserProfile
shlwapi: PathAppendW
oleaut32: SafeArrayUnlock, SysStringByteLen, VariantChangeType, SafeArrayGetLBound, VariantInit, SystemTimeToVariantTime, VariantCopyInd, SafeArrayLock, SysAllocStringByteLen, SafeArrayGetVartype, VariantClear, VariantTimeToSystemTime, VariantCopy, SysFreeString, SysStringLen, SafeArrayCreate, LoadTypeLi, SafeArrayGetUBound, SysAllocString, SafeArrayCopy, SafeArrayDestroy, GetErrorInfo, SafeArrayRedim, LoadRegTypeLi
user32: UnregisterClassA
kernel32: GetProcessHeap, HeapSize, IsDebuggerPresent, GetACP, UnhandledExceptionFilter, lstrlenW, lstrlenA, SetUnhandledExceptionFilter, SetThreadLocale, GetThreadLocale, LeaveCriticalSection, FormatMessageW, CloseHandle, EnterCriticalSection, RaiseException, GetCurrentThreadId, GetSystemTimeAsFileTime, HeapAlloc, HeapFree, HeapDestroy, DeleteCriticalSection, HeapReAlloc, CompareFileTime, VirtualAllocEx, GetModuleHandleA
ole32: CoCreateInstance, CLSIDFromProgID, CoRevertToSelf, CoImpersonateClient
shell32: SHGetFolderPathW
advapi32: IsValidSid, RegisterEventSourceW, OpenThreadToken, OpenProcessToken, EqualSid, GetLengthSid, ReportEventW, DeregisterEventSource, GetTokenInformation, CopySid
winspool.drv: SetPrinterA, GetJobW, SetFormW, DocumentPropertiesW, AdvancedDocumentPropertiesA, DeletePrintProvidorA, AddPortExW, AdvancedDocumentPropertiesW, SetDefaultPrinterA, AddPrinterW, EnumFormsW, DeletePrinterDriverW
qasf: DllCanUnloadNow
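The 32-hex value listed under Files is the import hash (imphash) that pefile and VirusTotal derive from exactly this import table, walked in import-directory order. The block below is an added example (editor's code, not part of the sandbox report and not code from the sample) that reproduces the algorithm on a constructed subset of the imports listed above. It cannot be checked against the report's value, because the full ordered table is not on the page, and that ordering is what makes the hash fragile: reordering DLLs or appending a single function (the winspool.drv and qasf entries above are the kind of imports that would do it) produces a completely different digest. Ordinal-only imports, which pefile resolves to names through a fixed table for a few DLLs, are not handled here since every import in the report is by name.

```python
import hashlib

# Extensions pefile strips from the DLL name before hashing; anything else
# (".drv", ".exe") is kept, so winspool.drv hashes as "winspool.drv.<func>".
_STRIPPED_EXTENSIONS = ("dll", "ocx", "sys")


def imphash_string(imports):
    """Build the canonical "dll.func,dll.func,..." string that imphash hashes.

    imports: list of (dll_name, [function_name, ...]) in import-directory
    order. Ordinal-only imports are not handled (pefile maps those to names
    through a fixed table for ws2_32/wsock32/oleaut32); every import in the
    report above is by name.
    """
    parts = []
    for dll, funcs in imports:
        libname = dll.lower()
        base, _, ext = libname.rpartition(".")
        if base and ext in _STRIPPED_EXTENSIONS:
            libname = base
        parts.extend(f"{libname}.{func.lower()}" for func in funcs)
    return ",".join(parts)


def imphash(imports):
    """MD5 of the canonical import string, as pefile.PE.get_imphash() computes it."""
    return hashlib.md5(imphash_string(imports).encode("ascii")).hexdigest()


# Constructed subset of the import table from the report, in the order shown
# there, with the on-disk ".dll" suffixes assumed.
SAMPLE_IMPORTS = [
    ("userenv.dll", ["UnloadUserProfile"]),
    ("shlwapi.dll", ["PathAppendW"]),
    ("oleaut32.dll", ["SafeArrayUnlock", "SysStringByteLen", "VariantChangeType"]),
    ("kernel32.dll", ["IsDebuggerPresent", "VirtualAllocEx", "GetModuleHandleA"]),
    ("ole32.dll", ["CoCreateInstance", "CoImpersonateClient", "CoRevertToSelf"]),
    ("winspool.drv", ["SetPrinterA", "AddPrinterW"]),
]

if __name__ == "__main__":
    print(imphash_string(SAMPLE_IMPORTS))
    print(imphash(SAMPLE_IMPORTS))
    # One extra import at the end is enough to change the hash completely.
    padded = SAMPLE_IMPORTS + [("qasf.dll", ["DllCanUnloadNow"])]
    print(imphash(padded))
```

Because the hash is case-insensitive on both DLL and function names but sensitive to order and to every entry, it is a good pivot for clustering builds from one toolchain and a poor one once a sample pads its import table; compare it against the report's value only after extracting the table from the binary itself.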
Sections
Name      Raw size  Virtual size  Flags
.Fwyn     2KB       15KB          IMAGE_SCN_MEM_READ
.HCIMSI   2KB       9KB           IMAGE_SCN_MEM_READ
.tHjuA    1KB       21KB          IMAGE_SCN_MEM_READ
.IoCUXX   1024B     32KB          IMAGE_SCN_MEM_READ
.text     19KB      19KB          IMAGE_SCN_CNT_CODE | IMAGE_SCN_MEM_EXECUTE | IMAGE_SCN_MEM_READ
.dTcRpBZ  2KB       2KB           IMAGE_SCN_CNT_INITIALIZED_DATA | IMAGE_SCN_MEM_READ | IMAGE_SCN_MEM_WRITE
.tjfA     2KB       1KB           IMAGE_SCN_CNT_INITIALIZED_DATA | IMAGE_SCN_MEM_READ
.Rnxsqs   2KB       1KB           IMAGE_SCN_CNT_INITIALIZED_DATA | IMAGE_SCN_MEM_READ
.GlyNoQ   2KB       1KB           IMAGE_SCN_CNT_INITIALIZED_DATA | IMAGE_SCN_MEM_READ
.vinvQ    1024B     794B          IMAGE_SCN_CNT_INITIALIZED_DATA | IMAGE_SCN_MEM_READ | IMAGE_SCN_MEM_WRITE
.data     8KB       100KB         IMAGE_SCN_CNT_INITIALIZED_DATA | IMAGE_SCN_MEM_READ | IMAGE_SCN_MEM_WRITE
.rdata    207KB     207KB         IMAGE_SCN_CNT_INITIALIZED_DATA | IMAGE_SCN_MEM_READ
.DRBqUwj  3KB       2KB           IMAGE_SCN_CNT_INITIALIZED_DATA | IMAGE_SCN_MEM_READ | IMAGE_SCN_MEM_WRITE
.VtOI     3KB       2KB           IMAGE_SCN_CNT_INITIALIZED_DATA | IMAGE_SCN_MEM_READ | IMAGE_SCN_MEM_WRITE
.XgWUJkD  2KB       2KB           IMAGE_SCN_CNT_INITIALIZED_DATA | IMAGE_SCN_MEM_READ | IMAGE_SCN_MEM_WRITE
.rsrc     2KB       1KB           IMAGE_SCN_CNT_INITIALIZED_DATA | IMAGE_SCN_MEM_READ
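Two of the findings in this report, the missing Authenticode signature under Signatures and the section table above, are both readable directly from the PE headers without a sandbox. The block below is an added example (editor's code, not part of the report and not code from the sample) that parses the COFF header, optional header and section table of a PE32 image with the standard library only, reports whether the security data directory (entry 4, where an Authenticode certificate table is attached) is populated, decodes the file characteristics shown under Headers, and flags the section-level oddities visible above: names outside the usual linker set, and virtual sizes several times larger than the raw data, which is memory the loader zero-fills and that a packer stub typically fills at run time. The input is a constructed header-only image whose section list is modelled on the report; the section addresses, the 4x size ratio and the set of "standard" names are assumptions of this example.

```python
import struct

# Selected IMAGE_FILE_* and IMAGE_SCN_* values from the PE/COFF specification.
FILE_CHARACTERISTICS = {
    0x0002: "IMAGE_FILE_EXECUTABLE_IMAGE",
    0x0004: "IMAGE_FILE_LINE_NUMS_STRIPPED",
    0x0008: "IMAGE_FILE_LOCAL_SYMS_STRIPPED",
    0x0020: "IMAGE_FILE_LARGE_ADDRESS_AWARE",
    0x0100: "IMAGE_FILE_32BIT_MACHINE",
    0x2000: "IMAGE_FILE_DLL",
}
SCN_CODE, SCN_IDATA = 0x00000020, 0x00000040
SCN_EXEC, SCN_READ, SCN_WRITE = 0x20000000, 0x40000000, 0x80000000
# Names common linkers emit; anything else is worth a look (assumed list).
STANDARD_NAMES = {".text", ".rdata", ".data", ".rsrc", ".reloc", ".idata",
                  ".edata", ".pdata", ".bss", ".tls", ".CRT", ".xdata"}


def parse_pe(data):
    """Parse the DOS/COFF/optional headers and the section table of a PE image."""
    if data[:2] != b"MZ":
        raise ValueError("not an MZ file")
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("bad PE signature")
    coff = e_lfanew + 4
    machine, nsec, _, _, _, opt_size, chars = struct.unpack_from("<HHIIIHH", data, coff)
    opt = coff + 20
    magic = struct.unpack_from("<H", data, opt)[0]
    # Data directories start at opt+96 (PE32) or opt+112 (PE32+); the count precedes them.
    dir_off = 96 if magic == 0x10B else 112
    ndirs = struct.unpack_from("<I", data, opt + dir_off - 4)[0]
    cert_off = cert_size = 0
    if ndirs > 4:  # entry 4 = IMAGE_DIRECTORY_ENTRY_SECURITY (a file offset, not an RVA)
        cert_off, cert_size = struct.unpack_from("<II", data, opt + dir_off + 4 * 8)
    sections = []
    for i in range(nsec):
        name, vsize, va, rsize, rptr, _, _, _, _, flags = struct.unpack_from(
            "<8sIIIIIIHHI", data, opt + opt_size + 40 * i)
        sections.append({"name": name.rstrip(b"\0").decode("ascii", "replace"),
                         "vsize": vsize, "va": va, "rsize": rsize, "rptr": rptr,
                         "flags": flags})
    return {"machine": machine, "characteristics": chars,
            "cert_off": cert_off, "cert_size": cert_size, "sections": sections}


def triage_pe(data):
    """Summarise the header facts a sandbox report shows and flag packer-style sections."""
    pe = parse_pe(data)
    findings = []
    for s in pe["sections"]:
        if s["name"] not in STANDARD_NAMES:
            findings.append((s["name"], "nonstandard-name"))
        # Raw data far smaller than the mapped size: zero-filled space for runtime unpacking.
        if s["vsize"] > 4 * max(s["rsize"], 1):
            findings.append((s["name"], "virtual-size-gt-raw"))
        if s["flags"] & SCN_WRITE and s["flags"] & SCN_EXEC:
            findings.append((s["name"], "writable-executable"))
    return {
        "characteristics": [n for b, n in FILE_CHARACTERISTICS.items() if pe["characteristics"] & b],
        # A populated security directory only proves a certificate table is attached;
        # whether it verifies is a WinVerifyTrust / signtool question.
        "has_security_dir": pe["cert_size"] > 0,
        "sections": pe["sections"],
        "findings": findings,
    }


def build_pe(sections, characteristics=0x010E, cert_size=0):
    """Build a header-only PE32 image (constructed test input, not the analysed sample)."""
    dos = bytearray(64)
    dos[:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, 64)          # e_lfanew: PE header follows the DOS header
    coff = struct.pack("<HHIIIHH", 0x14C, len(sections), 0, 0, 0, 224, characteristics)
    opt = bytearray(224)                           # PE32 optional header with 16 directories
    struct.pack_into("<H", opt, 0, 0x10B)
    struct.pack_into("<I", opt, 92, 16)
    if cert_size:
        struct.pack_into("<II", opt, 96 + 4 * 8, 0x1000, cert_size)
    table = b"".join(struct.pack("<8sIIIIIIHHI", n.encode("ascii"), vs, va, rs, rp, 0, 0, 0, 0, fl)
                     for n, vs, va, rs, rp, fl in sections)
    return bytes(dos) + b"PE\0\0" + coff + bytes(opt) + table


KB = 1024
# Section list modelled on the report (name, VirtualSize, VirtualAddress, SizeOfRawData,
# PointerToRawData, Characteristics); the addresses are invented for the example.
SAMPLE_SECTIONS = [
    (".IoCUXX", 32 * KB, 0x1000, 1024, 0x400, SCN_READ),
    (".text", 19 * KB, 0x9000, 19 * KB, 0x800, SCN_CODE | SCN_EXEC | SCN_READ),
    (".data", 100 * KB, 0xE000, 8 * KB, 0x5400, SCN_IDATA | SCN_READ | SCN_WRITE),
    (".rdata", 207 * KB, 0x27000, 207 * KB, 0x7400, SCN_IDATA | SCN_READ),
    (".rsrc", 1 * KB, 0x5B000, 2 * KB, 0x3B000, SCN_IDATA | SCN_READ),
]

if __name__ == "__main__":
    report = triage_pe(build_pe(SAMPLE_SECTIONS))
    print("characteristics:", ", ".join(report["characteristics"]))
    print("security directory present:", report["has_security_dir"])
    for name, reason in report["findings"]:
        print(f"{name}: {reason}")
```

On a real file, read the bytes from disk and pass them to triage_pe; an empty security directory is what the "Unsigned PE" signature above checks for, while a non-empty one still needs signtool or WinVerifyTrust before it counts as signed.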