f524e69298b222e54076d22f4999f266_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

f524e69298b222e54076d22f4999f266_JaffaCakes118
Size

128KB
MD5

f524e69298b222e54076d22f4999f266
SHA1

9cb428163c33dc79cdad8c2cbd3213d75b88d87d
SHA256

5c70310a5f85839abe60aa88ba277767ea3767ab7cc080679e32955c9916500b
SHA512

b2ebcf689fa648ab9ee4eecafc530eebf422a397a08ef2d394fa5f9b3d86726bb4c083231b740152040fa6a43974e07d45ac8cd199f8b3396f59d068ffb51938
SSDEEP

3072:QfVUJctoL499aYlQ35sdhcfgJxvoFD7Fg:Qfxto0jat+hXNoFD7F

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
f524e69298b222e54076d22f4999f266_JaffaCakes118

Files

f524e69298b222e54076d22f4999f266_JaffaCakes118
.exe windows:5 windows x86 arch:x86

fbd15de7d98a14457328f9d5b0980f0e

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

esent

JetCloseTable@8
JetDefragment2
JetGetCounter
JetResetCounter
JetSetCurrentIndex4
JetEnumerateColumns
JetConvertDDL
JetGetDatabaseInfo
JetSetColumn@28
ese
JetGetTruncateLogInfoInstance
JetStopBackupInstance
JetMove@16
JetMakeKey
JetIndexRecordCount
JetUpgradeDatabase
JetEscrowUpdate

mssign32

PvkPrivateKeySaveToMemoryA
PvkPrivateKeyLoadFromMemory
PvkPrivateKeyAcquireContextFromMemoryA
PvkPrivateKeyAcquireContextFromMemory
GetCryptProvFromCert
PvkFreeCryptProv
SignerAddTimeStampResponseEx
PvkPrivateKeyReleaseContextA
PvkPrivateKeyLoadA
SignerTimeStamp
FreeCryptProvFromCert
PvkPrivateKeyReleaseContext
SignerFreeSignerContext
SignerSignEx
PvkPrivateKeyAcquireContext

ntdll

RtlFlushSecureMemoryCache
NtCreateProcessEx
RtlSecondsSince1970ToTime
PfxInitialize
RtlSetBits
NtFreeUserPhysicalPages
RtlSystemTimeToLocalTime
RtlDetermineDosPathNameType_U
NtReplyWaitReceivePort
RtlProtectHeap
NtRaiseException
RtlWalkFrameChain
ZwSetBootEntryOrder
NtQueryObject
_alldiv
RtlCreateUserSecurityObject
ZwWriteFileGather
RtlUnicodeStringToAnsiSize
ZwCreateJobObject

hid

HidD_GetNumInputBuffers
HidD_Hello
HidP_GetData
HidD_SetFeature
HidP_GetSpecificValueCaps
HidD_GetPreparsedData
HidD_GetHidGuid
HidP_GetSpecificButtonCaps
HidD_GetConfiguration
HidP_GetUsageValue
HidP_MaxUsageListLength
HidD_SetConfiguration
HidP_GetUsageValueArray
HidP_GetButtonCaps
HidP_TranslateUsagesToI8042ScanCodes
HidD_GetSerialNumberString
HidP_GetUsages
HidD_GetIndexedString
HidP_SetUsageValue

kernel32

GetPrivateProfileStructW
VirtualAlloc
OpenJobObjectA
SetConsoleMaximumWindowSize
FindNextFileW
AddVectoredExceptionHandler
LocalReAlloc
WritePrivateProfileSectionW
ClearCommBreak
CreateToolhelp32Snapshot
SetMailslotInfo
GlobalAlloc
WriteConsoleOutputCharacterA
LoadLibraryA
GetConsoleInputExeNameW
GetNumaProcessorNode
SetThreadIdealProcessor
Module32FirstW
GetStartupInfoA
lstrcpynW
SetLastError

Sections

.text
Size: 27KB - Virtual size: 27KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

Size: 40KB - Virtual size: 39KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 58KB - Virtual size: 175KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 116B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

fbd15de7d98a14457328f9d5b0980f0e

Headers

DLL Characteristics

File Characteristics

Imports

esent

mssign32

ntdll

hid

kernel32

Sections

.text Size: 27KB - Virtual size: 27KB

Size: 40KB - Virtual size: 39KB

.data Size: 58KB - Virtual size: 175KB

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 512B - Virtual size: 116B

.text
Size: 27KB - Virtual size: 27KB

.data
Size: 58KB - Virtual size: 175KB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 512B - Virtual size: 116B