0469a24ff35d74887b15c4b00f3668b2_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

0469a24ff35d74887b15c4b00f3668b2_JaffaCakes118
Size

616KB
MD5

0469a24ff35d74887b15c4b00f3668b2
SHA1

82a1ca9a765baec19a2a9e7a1ce49a3ce5868629
SHA256

9ec5b113aca23c594bd986bf66379fc9079be787b7551fa6117cbe60f94a5b99
SHA512

d8c9cc1ccb39bd82ce2f1d15f0937e1cb95d82a4a34f55bb4798a918ffc80ffe9a35e7441ce7f2540a7396f0de1184705355d5a915de89cce28dfa8a82f36d2d
SSDEEP

12288:57Ecb/3fs1fk7NmtPmMWm8erUVMnxwIvT+njw/a549S2tp:bb/ENkstPN8erUVMnGIvSnjXqp

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
0469a24ff35d74887b15c4b00f3668b2_JaffaCakes118

Files

0469a24ff35d74887b15c4b00f3668b2_JaffaCakes118
.exe windows:4 windows x86 arch:x86

818acc8541d0ab475362b95f869f0024

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

ntdll

NtCancelTimer
wcsstr
NtWriteFileGather
RtlNewSecurityObject
wcslen
NtClose
NtOpenFile
RtlCutoverTimeToSystemTime
ZwClose
_wcslwr

mtxclu

MtxCluGetComputerNameW
MtxCluGetDTCVirtualServerNameW
MtxCluGetDTCStatusW
MtxCluIsClusterPresentExW
MtxCluIsClusterPresent
MtxCluIsSameNodeW
MtxCluBringOnlineDTCW

usp10

ScriptGetFontProperties
ScriptStringFree
ScriptStringAnalyse
ScriptGetProperties
ScriptStringGetLogicalWidths
LpkPresent
ScriptIsComplex
UspAllocCache
ScriptStringGetOrder
UspFreeMem
ScriptRecordDigitSubstitution

mprapi

MprAdminConnectionEnum
MprAdminInterfaceSetInfo
MprInfoBlockAdd
MprAdminServerDisconnect
MprConfigBufferFree
MprAdminInterfaceDisconnect
MprAdminInterfaceTransportAdd
MprInfoBlockRemove
MprConfigGetGuidName
MprConfigInterfaceCreate
MprAdminServerConnect
MprAdminUserSetInfo
MprConfigServerConnect
MprConfigInterfaceTransportSetInfo
MprInfoDelete
MprAdminMIBEntryGetNext
MprAdminMIBEntryGet
MprAdminMIBBufferFree
MprAdminInterfaceTransportSetInfo

msvcrt

__p__commode
__p__osver
rand
_fstati64
setbuf
__p__iob
iswspace
__p__fmode
difftime
_access
_mktemp

user32

GetDC
SetForegroundWindow
DdeQueryStringA
VkKeyScanW
GetMenu
GetSystemMetrics
GetFocus
LoadCursorW
SetUserObjectSecurity
OpenInputDesktop
EnumDisplaySettingsW
UpdateLayeredWindow
LoadStringW
GetDesktopWindow
DispatchMessageA
wsprintfA

kernel32

GetCurrentProcess
GetCommMask
GetCurrentProcessId
GetACP
GetFileTime
GetLastError
GlobalGetAtomNameA
GetCurrentThreadId
GetCommandLineW
GetTickCount
Sleep
GetModuleHandleW
ExitProcess
PostQueuedCompletionStatus
GetCommandLineA
GetVersion
GetCurrentThread
GetModuleHandleA
EnumTimeFormatsW
WaitCommEvent
SetConsoleCP
CreateMailslotW
OpenEventA
CreateIoCompletionPort
GetProcessHeap
GetEnvironmentVariableW
VirtualAlloc
GetNamedPipeInfo

Sections

.text
Size: 11KB - Virtual size: 10KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.edata
Size: - Virtual size: 453KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 2.9MB - Virtual size: 5.5MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: - Virtual size: 3KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

DATA
Size: 512B - Virtual size: 24B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 99KB - Virtual size: 100KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

818acc8541d0ab475362b95f869f0024

Headers

File Characteristics

Imports

ntdll

mtxclu

usp10

mprapi

msvcrt

user32

kernel32

Sections

.text Size: 11KB - Virtual size: 10KB

.edata Size: - Virtual size: 453KB

.idata Size: 2.9MB - Virtual size: 5.5MB

.tls Size: - Virtual size: 3KB

DATA Size: 512B - Virtual size: 24B

.rsrc Size: 99KB - Virtual size: 100KB

.text
Size: 11KB - Virtual size: 10KB

.edata
Size: - Virtual size: 453KB

.idata
Size: 2.9MB - Virtual size: 5.5MB

.tls
Size: - Virtual size: 3KB

DATA
Size: 512B - Virtual size: 24B

.rsrc
Size: 99KB - Virtual size: 100KB