f55c37638bb51591dbab3ae09255430c_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

f55c37638bb51591dbab3ae09255430c_JaffaCakes118
Size

23KB
MD5

f55c37638bb51591dbab3ae09255430c
SHA1

6422bb5be6a11c03ad4e3556bc304d6f75b9b6a2
SHA256

a0aa9bd080c47e216d438bd5ed74d8babc4b652f005753c4230707a507896f44
SHA512

d92e6dab5af6b81fbf1fad0774462a8f521bd8363bb96c69b893be1d8b14219ada7fa164c6d16a46fdf4bbcafea4e62d377065de503cd7c6d82687a9b425b55d
SSDEEP

384:w4NdcxGDBNpnoZlaezviMfw1DjEB8ZFQhSQDYcUnicSj0vaz+P3hXlfsf/:w4UGFvnoamF4ZEfsARkiHj03P3hXlfU

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
f55c37638bb51591dbab3ae09255430c_JaffaCakes118

Files

f55c37638bb51591dbab3ae09255430c_JaffaCakes118
.exe windows:4 windows x86 arch:x86

519856e2a24fd7697d932dc25faa3151

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

SetConsoleActiveScreenBuffer
SetEndOfFile
SetFileAttributesA
VirtualLock
SetCalendarInfoA
ZombifyActCtx
RtlZeroMemory
RegisterWaitForSingleObjectEx
InitializeCriticalSection
GetThreadLocale
GetProcessShutdownParameters
GetProcessIoCounters
GetProcessHandleCount
GetEnvironmentVariableA
DecodePointer
CreateEventA
VirtualAlloc
AddLocalAlternateComputerNameA
WaitCommEvent

advapi32

LsaLookupNames
RegQueryInfoKeyW
LsaGetQuotasForAccount
GetManagedApplications
EncryptionDisable
DecryptFileA
CreateWellKnownSid
ClearEventLogA
BuildExplicitAccessWithNameW
RegisterEventSourceW
RegQueryValueExW

ole32

CoFreeUnusedLibraries
CoRetireServer
CoTaskMemAlloc
CoTaskMemFree
CoTestCancel
CreateBindCtx
HBITMAP_UserUnmarshal
HWND_UserUnmarshal
IsValidInterface
OleGetIconOfFile
UtGetDvtd16Info
CoCopyProxy

ntdll

CsrIdentifyAlertableThread
RtlEnlargedUnsignedDivide

rpcrt4

RpcErrorLoadErrorInfo
NdrRpcSmClientAllocate
NdrNsGetBuffer
NdrMesTypeDecode2
NdrConformantStructMarshall
NdrComplexArrayFree
MesDecodeBufferHandleCreate
I_RpcTransDatagramAllocate2
UuidFromStringW
UuidFromStringA
RpcSsSwapClientAllocFree
RpcNetworkInqProtseqsA
NdrStubInitialize
RpcBindingToStringBindingA
I_RpcNsBindingSetEntryName
RpcBindingInqOption
NdrpGetTypeGenCookie

shlwapi

PathIsSameRootW
PathRelativePathToW
SHQueryValueExW
UrlCompareW
SHRegSetUSValueA

ws2_32

htons
bind
gethostbyname
ioctlsocket
WSAAsyncGetHostByAddr
WSAAsyncGetHostByName
WSAAsyncGetProtoByName
WSAAsyncGetProtoByNumber
WSAEnumNameSpaceProvidersA
WSAGetServiceClassInfoW
WSAInstallServiceClassA
WSAJoinLeaf
WSARecv
WSARecvFrom
recvfrom
recv
WSARemoveServiceClass

version

VerInstallFileA
GetFileVersionInfoW

Sections

.text
Size: 11KB - Virtual size: 10KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 7KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

519856e2a24fd7697d932dc25faa3151

Headers

File Characteristics

Imports

kernel32

advapi32

ole32

ntdll

rpcrt4

shlwapi

ws2_32

version

Sections

.text Size: 11KB - Virtual size: 10KB

.rdata Size: 3KB - Virtual size: 2KB

.data Size: 7KB - Virtual size: 6KB

.rsrc Size: 1KB - Virtual size: 1KB

.text
Size: 11KB - Virtual size: 10KB

.rdata
Size: 3KB - Virtual size: 2KB

.data
Size: 7KB - Virtual size: 6KB

.rsrc
Size: 1KB - Virtual size: 1KB