00064f2fa7557017619cd1f86a501f9b_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

00064f2fa7557017619cd1f86a501f9b_JaffaCakes118
Size

51KB
MD5

00064f2fa7557017619cd1f86a501f9b
SHA1

eb77c9051606e356db96600aba517874a46ef512
SHA256

b554a34bb87235c6352ed6bb515111172b321fb9ac4f7091c68f1d4e956394ea
SHA512

119170cd68c061a4956869b329164d68fcdab8dc118212786d54a892fd8d5882722341abe8cd03e2f22601416feb176f54dc523aaa9a00b7a64dbc34d7929813
SSDEEP

1536:tXV7+wyVND0s2P/YrjEwbkuGZCJYSy5Zmhg:hV7BcasiwESkdZlSy5ZAg

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
00064f2fa7557017619cd1f86a501f9b_JaffaCakes118

Files

00064f2fa7557017619cd1f86a501f9b_JaffaCakes118
.exe windows:5 windows x86 arch:x86

c2cfb7d3f0e4e6fc9c9f74b91187df5c

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

qdvd

DllGetClassObject
DllUnregisterServer
DllRegisterServer
DllCanUnloadNow

sisbkup

SisRestoredCommonStoreFile

avifil32

EditStreamSetInfo
AVIFileOpen

msvbvm60

__vbaR4Var
__vbaLdZeroAry
rtcChangeDrive
rtcGetDayOfWeek
rtcRate
Zombie_Invoke
__vbaAryVarVarg
__vbaGenerateBoundsError
rtcFormatNumber
__vbaAryLock
rtcLowerCaseBstr
PutMem8
__vbaCopyBytes
rtcSetDateVar
__vbaLsetFixstrFree
GetMemNewObj
rtcCreateObject2
__vbaUI1I4
__vbaObjSetAddref
__vbaR8Sgn
__vbaLateMemNamedCallSt
__vbaVarTextLikeVar
rtcGetObject
rtcRemoveDir
__vbaVarForInit
rtI2FromErrVar
rtcAnsiValueBstr
_CIlog
rtUI1FromErrVar
__vbaRecUniToAnsi
__vbaUdtVar
__vbaVarLikeVar
__vbaVarTextCmpGt
__vbaVargParmRef
rtcRightTrimBstr

kernel32

GetLastError
VirtualAlloc

iprtprio

GetPriorityInfo
SetPriorityInfo
ComputeRouteMetric

gdi32

GetTextExtentPoint32A
ResetDCW
ChoosePixelFormat

netshell

NcFreeNetconProperties
HrRenameConnection
DllUnregisterServer
HrLaunchConnection
DllCanUnloadNow
NcIsValidConnectionName
DllRegisterServer
HrCreateDesktopIcon
DllGetClassObject

ieakeng

NewFolder
GetFavoritesNumber
GetFavoritesMaxNumber
ModifyAuthCode
ModifyZones
BuildPalette
SaveADMItem
SelectADMItem
ShowInetcpl
CanDeleteADM
DisplayADMItem
MoveADMWindow
CreateADMWindow
CheckForDupKeys
BToolbar_Edit
ProcessFavSelChange
MoveDownFavorite
ErrorMessageBox
MoveUpFavorite
BToolbar_Remove
DestroyADMWindow
CheckField
DoReboot
IsFavoriteItem
ShowADMWindow
GetAdmWindowHandle
ModifyRatings

msvidctl

DllCanUnloadNow
GetProxyDllInfo
DllUnregisterServer
DllGetClassObject
DllRegisterServer

Sections

.text
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: - Virtual size: 480KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 820B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 28B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.rdata
Size: 114KB - Virtual size: 113KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

c2cfb7d3f0e4e6fc9c9f74b91187df5c

Headers

DLL Characteristics

File Characteristics

Imports

qdvd

sisbkup

avifil32

msvbvm60

kernel32

iprtprio

gdi32

netshell

ieakeng

msvidctl

Sections

.text Size: 3KB - Virtual size: 3KB

.data Size: - Virtual size: 480KB

.rsrc Size: 1024B - Virtual size: 820B

.reloc Size: 512B - Virtual size: 28B

.rdata Size: 114KB - Virtual size: 113KB

.text
Size: 3KB - Virtual size: 3KB

.data
Size: - Virtual size: 480KB

.rsrc
Size: 1024B - Virtual size: 820B

.reloc
Size: 512B - Virtual size: 28B

.rdata
Size: 114KB - Virtual size: 113KB