f4f3b9c86556495784d6e7808d77ee97_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

f4f3b9c86556495784d6e7808d77ee97_JaffaCakes118
Size

58KB
MD5

f4f3b9c86556495784d6e7808d77ee97
SHA1

b3e63b7cd401ca3ed7d6be8d37ea548e1228b9b0
SHA256

ddcc7584e5fb1928d4d6a91d2a3693bae6e2ce18adb3482f4f578459c5dfdfc1
SHA512

0bf311f01445e2041284e2b9c110851429ea40ef287ee1a3c3dca8b90a06947eee17be410330aa2a6a611007bef169afd15c33d216e2fb7b7fc479eb7423788f
SSDEEP

1536:nJQIOzjJztb9NnMcrBYPqhKwYm+tVQRQRQRQx:nkzj3RNBrB9cQRQRQRQx

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
f4f3b9c86556495784d6e7808d77ee97_JaffaCakes118

Files

f4f3b9c86556495784d6e7808d77ee97_JaffaCakes118
.exe windows:5 windows x86 arch:x86

994273015fab9beb11107d40084031fe

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

psapi

GetPerformanceInfo
GetProcessImageFileNameW
GetModuleFileNameExA
EnumPageFilesW
EnumProcesses
GetDeviceDriverFileNameA
GetDeviceDriverBaseNameW
GetWsChanges
GetModuleInformation
GetMappedFileNameA
GetProcessMemoryInfo
GetModuleFileNameExW
GetProcessImageFileNameA
GetModuleBaseNameW
InitializeProcessForWsWatch
EnumProcessModules
GetModuleBaseNameA
QueryWorkingSet
GetDeviceDriverFileNameW

rpcrt4

RpcIfIdVectorFree
NdrEncapsulatedUnionMarshall
NDRcopy
NdrFixedArrayFree
RpcEpRegisterNoReplaceW
I_RpcIfInqTransferSyntaxes
RpcSsFree
RpcSsAllocate
NdrNonConformantStringBufferSize
NdrByteCountPointerBufferSize
NdrTypeFlags
RpcSsDestroyClientContext
RpcMgmtInqComTimeout
NdrFullPointerFree
RpcRevertToSelfEx
RpcServerRegisterAuthInfoW
NdrMesTypeDecode2
CStdStubBuffer_Disconnect
RpcServerRegisterIf2
I_RpcTransServerNewConnection

msls31

LsPointXYFromPointUV
LsFindNextBreakSubline
LsSqueezeSubline
LsTruncateSubline
LsModifyLineHeight
LsdnResolvePrevTab
LsdnModifyParaEnding
LsdnFinishByPen
LsSetExpansion
LsdnResetObjDim
LsQueryLineDup
LsSetCompression
LsGetReverseLsimethods
LsGetMinDurBreaks
LsGetTatenakayokoLsimethods
LsDestroyLine
LsCreateSubline

kernel32

lstrlen
HeapCreate
GetSystemTimeAsFileTime
ConvertFiberToThread
WriteFile
GetStartupInfoA
GetModuleHandleW
GetCurrentThreadId
DeleteTimerQueueTimer
QueryPerformanceCounter
LoadLibraryA
VirtualAlloc
LoadLibraryW
IsProcessInJob
GetProcAddress
OpenEventW
WritePrivateProfileStructW
GetTickCount
CopyFileW
GetCurrentProcessId
GlobalFix
DefineDosDeviceW

msi

MsiGetProductCodeW
MsiGetSourcePathW
MsiGetComponentStateW
MsiGetProductPropertyA
MsiGetPropertyW
MsiGetFeatureValidStatesW
MsiMessageBoxA
MsiReinstallFeatureFromDescriptorA
MsiViewFetch
MsiGetFeatureStateW
MsiGetFeatureInfoA

Sections

.text
Size: 19KB - Virtual size: 18KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 6KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 11KB - Virtual size: 95KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 20KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 264B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

994273015fab9beb11107d40084031fe

Headers

DLL Characteristics

File Characteristics

Imports

psapi

rpcrt4

msls31

kernel32

msi

Sections

.text Size: 19KB - Virtual size: 18KB

.rdata Size: 6KB - Virtual size: 5KB

.data Size: 11KB - Virtual size: 95KB

.rsrc Size: 20KB - Virtual size: 20KB

.reloc Size: 512B - Virtual size: 264B

.text
Size: 19KB - Virtual size: 18KB

.rdata
Size: 6KB - Virtual size: 5KB

.data
Size: 11KB - Virtual size: 95KB

.rsrc
Size: 20KB - Virtual size: 20KB

.reloc
Size: 512B - Virtual size: 264B