fd09b9cd6e6af1060cd8d072ee3138c2_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

fd09b9cd6e6af1060cd8d072ee3138c2_JaffaCakes118
Size

504KB
MD5

fd09b9cd6e6af1060cd8d072ee3138c2
SHA1

aa4af774d16110859ff83f7f10ebb20ee68b2e1b
SHA256

f0bbe0b013445cb7aac55eb3beefd6c8cc4323256f10fce7798f06a963950c35
SHA512

24b6d2bc720123cabc1d4aa5d7732c1589db5107ee556607fd6e208f9bc5dce9d84fc2421cf7caff48f6ed87f1f0d45c0dbb546a5eb13d8498e4f966c67326fb
SSDEEP

3072:toVGb57LBpnyO8PU3z9DP48p67PtSPd6D5dSUCFCH1JYwPllwqxROyAY:toVGbTpTD9U9jXDaCHDFQGwZY

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
fd09b9cd6e6af1060cd8d072ee3138c2_JaffaCakes118

Files

fd09b9cd6e6af1060cd8d072ee3138c2_JaffaCakes118
.exe windows:5 windows x86 arch:x86

3ecc3a11b7fec48b5ec6a40e4f9dc320

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

comdlg32

GetOpenFileNameA

msvcrt

fprintf
fputc
towlower

shell32

FindExecutableW

user32

InsertMenuA
IsWinEventHookInstalled
GetMenu
DefFrameProcW
GetRawInputDeviceInfoW
PackDDElParam
GetInputState
InSendMessage
GetMessagePos
GetMessageExtraInfo
IsWindow
DrawTextExA
GetClassNameW
GetMenuState

ws2_32

socket
listen

winmm

DefDriverProc

ole32

CoInvalidateRemoteMachineBindings
GetRunningObjectTable

wintrust

CryptCATEnumerateMember

version

GetFileVersionInfoSizeW

secur32

FreeCredentialsHandle

powrprof

IsPwrHibernateAllowed

advapi32

GetServiceDisplayNameW
EnumServicesStatusA
IsValidSid
LookupAccountNameW
LookupPrivilegeNameW

winspool.drv

GetPrinterW

kernel32

GetEnvironmentVariableA
EnumResourceTypesA
LoadLibraryA
GetSystemDirectoryA
GetEnvironmentVariableW
VirtualProtectEx
GetConsoleCP
GenerateConsoleCtrlEvent
GetPrivateProfileStructA
LocalFileTimeToFileTime
GetCommandLineW
GetNamedPipeClientProcessId
FlushProcessWriteBuffers
GetNamedPipeServerProcessId
FlsFree
GetModuleHandleW
GetPrivateProfileStructW
GetStringTypeA

gdi32

DeleteObject
ExtCreatePen
GetRgnBox
GetViewportOrgEx
GetTextExtentPoint32W

Sections

.text
Size: 32KB - Virtual size: 29KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 332KB - Virtual size: 330KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_READ

.data
Size: 16KB - Virtual size: 19KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 116KB - Virtual size: 115KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 920B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

3ecc3a11b7fec48b5ec6a40e4f9dc320

Headers

DLL Characteristics

File Characteristics

Imports

comdlg32

msvcrt

shell32

user32

ws2_32

winmm

ole32

wintrust

version

secur32

powrprof

advapi32

winspool.drv

kernel32

gdi32

Sections

.text Size: 32KB - Virtual size: 29KB

.rdata Size: 332KB - Virtual size: 330KB

.data Size: 16KB - Virtual size: 19KB

.reloc Size: 116KB - Virtual size: 115KB

.rsrc Size: 4KB - Virtual size: 920B

.text
Size: 32KB - Virtual size: 29KB

.rdata
Size: 332KB - Virtual size: 330KB

.data
Size: 16KB - Virtual size: 19KB

.reloc
Size: 116KB - Virtual size: 115KB

.rsrc
Size: 4KB - Virtual size: 920B