f9afb9344c8a8cf5fcfea16ec981d9a8_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

f9afb9344c8a8cf5fcfea16ec981d9a8_JaffaCakes118
Size

56KB
MD5

f9afb9344c8a8cf5fcfea16ec981d9a8
SHA1

2760cfba9af418d0e0a9610091ba51714276995c
SHA256

c8a99117273f4629cffa68e5302625862fbaa02aa95ca914313e5987d447bdc2
SHA512

7c8c1035b6b3d6d47fcea531a7f379a42d7b4ec41e6f71a2d421dd86c3fff3b09d74e48955ae218bd68ec14c8dd69e87bbaf771364a574647782fbc6c8531edb
SSDEEP

1536:p4FVlJiCqoE+9DsmlngYi07a6zCG6xjWcUu3:p4FVlJNbJsmyE7rCNqu3

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
f9afb9344c8a8cf5fcfea16ec981d9a8_JaffaCakes118

Files

f9afb9344c8a8cf5fcfea16ec981d9a8_JaffaCakes118
.exe windows:5 windows x86 arch:x86

ea20a86156dac3b589287e8439fd8510

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

wsnmp32

SnmpSetVb
SnmpSendMsg
SnmpSetRetransmitMode
SnmpFreeDescriptor
SnmpCancelMsg
SnmpListen
SnmpCountVbl
SnmpCreateSession
SnmpGetTimeout
SnmpGetRetry
SnmpSetPduData
SnmpFreeEntity
SnmpDecodeMsg
SnmpStartup
_SnmpSetAgentAddress@4
SnmpRecvMsg
SnmpDeleteVb

security

InitializeSecurityContextW
AcceptSecurityContext
DeleteSecurityPackageA
EnumerateSecurityPackagesW
VerifySignature
DecryptMessage
QuerySecurityContextToken
CompleteAuthToken
QueryCredentialsAttributesA
FreeCredentialsHandle
AddSecurityPackageW
AcquireCredentialsHandleA
DeleteSecurityContext
ImportSecurityContextA

crtdll

_memccpy
memchr
wcscspn
_fgetwchar
__argv_dll
_spawnlpe
mktime
_ismbbprint
_mbstrlen
_clearfp
_strtime
_chgsign
sin
tmpfile
_yn
_ultoa
_mbctoupper
wprintf
_getsystime
wcscpy

kernel32

Heap32ListNext
LoadLibraryW
GetCurrentThreadId
GetTickCount
WritePrivateProfileStringA
GetCurrentProcessId
GetSystemTimeAsFileTime
LoadLibraryA
GetFileAttributesW
VirtualAlloc
GetProcAddress
VerSetConditionMask
ConvertFiberToThread
GetModuleHandleW
QueryPerformanceCounter
EnumResourceNamesW
InterlockedCompareExchange
OpenFileMappingA
ExpungeConsoleCommandHistoryA
SetSystemTime
EnumSystemCodePagesW
InitializeSListHead
ReadConsoleInputExW
CreateHardLinkA
GetConsoleScreenBufferInfo
WaitNamedPipeW
InterlockedExchangeAdd
GetStartupInfoA
ExpungeConsoleCommandHistoryW
VirtualAllocEx

Sections

.text
Size: 19KB - Virtual size: 18KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 9KB - Virtual size: 48KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 19KB - Virtual size: 19KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 304B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

ea20a86156dac3b589287e8439fd8510

Headers

DLL Characteristics

File Characteristics

Imports

wsnmp32

security

crtdll

kernel32

Sections

.text Size: 19KB - Virtual size: 18KB

.rdata Size: 6KB - Virtual size: 6KB

.data Size: 9KB - Virtual size: 48KB

.rsrc Size: 19KB - Virtual size: 19KB

.reloc Size: 512B - Virtual size: 304B

.text
Size: 19KB - Virtual size: 18KB

.rdata
Size: 6KB - Virtual size: 6KB

.data
Size: 9KB - Virtual size: 48KB

.rsrc
Size: 19KB - Virtual size: 19KB

.reloc
Size: 512B - Virtual size: 304B