00d49b939f6a6732d5671c7e8e45e313_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

00d49b939f6a6732d5671c7e8e45e313_JaffaCakes118
Size

135KB
MD5

00d49b939f6a6732d5671c7e8e45e313
SHA1

4e1ea7021b2cf3831c5f4ec6e783898d222ee3ab
SHA256

6536ccce986abce6faece14f237c73ee8be1d5ff1fe1cafd29c3da09e7b25be7
SHA512

a1f25d9e0db3849d81d5a430d8bdcc0af24732cc2e6751c5e01c416aad656d5f444f1841f0c358e2527d122c597f8842bf512fcbe3a1917293c293c2132b63ce
SSDEEP

3072:x9PHMpXs4JzswUMEIA16wSpFV0Ks+DJVUnP5R9ShTxRUx1:QpZzswUjVSpIkXSR91

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
00d49b939f6a6732d5671c7e8e45e313_JaffaCakes118

Files

00d49b939f6a6732d5671c7e8e45e313_JaffaCakes118
.exe windows:5 windows x86 arch:x86

74f9132fb0614ec0db6e0d237d932439

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

CreateEventW
CreateMutexW
IsBadReadPtr
SetConsoleIcon
GetAtomNameW
GetConsoleAliasesW
GetVolumePathNameW
GetProcessHeap
GetEnvironmentVariableW
EnumResourceLanguagesW
UTRegister
IsDBCSLeadByte
GetThreadLocale
GetConsoleFontSize
GetCurrentDirectoryW
WriteTapemark
FindVolumeClose
DeactivateActCtx
FileTimeToLocalFileTime
QueryPerformanceFrequency
GetNumaHighestNodeNumber
lstrlenA
ReadProcessMemory
LoadLibraryA
PulseEvent
lstrcmpA
_hwrite
MoveFileWithProgressW
GetLargestConsoleWindowSize
GetCommConfig
EnumSystemLanguageGroupsA
OpenWaitableTimerA
FindResourceExW
SetConsoleInputExeNameA
VirtualAlloc
GetFileSizeEx
GetSystemWindowsDirectoryW
GetEnvironmentStringsA
InterlockedDecrement
GetPrivateProfileStructW
lstrcpynW
EnumSystemGeoID
EnumSystemLocalesW
Thread32First
GlobalFindAtomA

shlwapi

PathRemoveBlanksA
StrCSpnA
StrIsIntlEqualA
UrlCombineA
PathRemoveArgsA
StrNCatW
SHRegGetBoolUSValueA
StrStrNIW
PathGetDriveNumberW
PathMakeSystemFolderW
SHGetValueW
SHDeleteValueA
PathStripToRootA
PathAppendA
UrlGetPartA
SHGetInverseCMAP
IntlStrEqWorkerA

gdi32

SetBrushAttributes
GdiGetLocalBrush
QueryFontAssocStatus
EndDoc
PATHOBJ_bEnum
EndPage
GetCharABCWidthsFloatW
CreateBrushIndirect
ClearBitmapAttributes
GetDCPenColor
GdiSetBatchLimit
GetEnhMetaFileHeader
BRUSHOBJ_pvAllocRbrush
Polyline
GetTextFaceAliasW
GetAspectRatioFilterEx
MoveToEx
DdEntry6
GdiConvertBitmapV5
GdiEntry2
DdEntry42
CreatePolygonRgn
DdEntry14
CancelDC
CreatePen

dbnetlib

ConnectionServerEnumW
ConnectionErrorW
CloseEnumServers
ConnectionOpenW
ConnectionOpen
ConnectionTransact
ConnectionGetSvrUser
InitSSPIPackage
ConnectionSqlVer
TermSSPIPackage
ConnectionClose
ConnectionFlushCache
InitSession
ConnectionError
ConnectionWriteOOB
ConnectionOption
ConnectionMode
ConnectionVer
GenClientContext
ConnectionRead
ConnectionCheckForData
InitEnumServers
ConnectionServerEnum
ConnectionStatus
GetNextEnumeration

hhsetup

??0CTitle@@QAE@XZ
?GetFirstChildFolder@CFolder@@QAEPAV1@XZ
?WriteFolder@CCollection@@AAEHPAPAVCFolder@@@Z
?Add@CPointerList@@QAEPAUListItem@@PAX@Z
?GetFirstTitle@CCollection@@QAEPAVCTitle@@XZ
?FindTitle@CCollection@@QAEPAVCTitle@@PBGG@Z
?GetIdW@CTitle@@QAEPBGXZ
?SetId@CLocation@@QAEXPBD@Z
?AddLocation@CCollection@@QAEPAVCLocation@@PBD000PAK@Z
?Close@CCollection@@QAEKXZ
?GetLangId@CCollection@@QAEGPBG@Z
?SetVolume@CLocation@@QAEXPBG@Z
??0CLocation@@QAE@XZ
?FirstLocation@CCollection@@QAEPAVCLocation@@XZ
?GetPathW@CLocation@@QAEPBGXZ
?GetTail@CFIFOString@@QAEKPAPAD@Z
?AddFolder@CCollection@@QAEPAVCFolder@@PBDKPAKG@Z
?AddTitle@CCollection@@QAEPAVCTitle@@PBG0000GIPAVCLocation@@PAKH0@Z
?HandleCollectionEntry@CCollection@@AAEKPAVCParseXML@@PAD@Z
?SetLanguage@CTitle@@QAEXG@Z

Sections

.text
Size: 33KB - Virtual size: 32KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

Size: 44KB - Virtual size: 43KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Size: 55KB - Virtual size: 178KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 192B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

74f9132fb0614ec0db6e0d237d932439

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

shlwapi

gdi32

dbnetlib

hhsetup

Sections

.text Size: 33KB - Virtual size: 32KB

Size: 44KB - Virtual size: 43KB

Size: 55KB - Virtual size: 178KB

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 512B - Virtual size: 192B

.text
Size: 33KB - Virtual size: 32KB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 512B - Virtual size: 192B