052c5e187fcb592c1eb96b9974837e10_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

052c5e187fcb592c1eb96b9974837e10_JaffaCakes118
Size

104KB
MD5

052c5e187fcb592c1eb96b9974837e10
SHA1

cb6e0ad2b7f8d2278535e60028cec4cbe231cfcf
SHA256

42d97e903395861219b48ba429803429f0541432e6810c2c5eaf19af0351a4a8
SHA512

f289c03c7c0be809df6d29abf356aaba7fed8bbf510beefad2c166598d16c910c28796ad9e81f72843f317e5551e6e7e7de34d67000370975895d3bfb27e89c2
SSDEEP

768:xBRjsIYcAcQTj8BOfxy0jZ+wPQQBTn14SyfGF35EY:xTsIXAca8BlmfQYb143fGF3eY

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
052c5e187fcb592c1eb96b9974837e10_JaffaCakes118

Files

052c5e187fcb592c1eb96b9974837e10_JaffaCakes118
.exe windows:4 windows x86 arch:x86

439b04b7a04ce61e2ede5ddb1e84189f

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

PDB Paths

nuktopwe.pdb

Imports

untfs

Chkdsk
Format
FormatEx
Extend

dbnmpntw

ConnectionError
ConnectionClose
ConnectionWrite

user32

IsZoomed
CharToOemA
SetFocus
SetCursorPos
DialogBoxParamW
PeekMessageA
DrawIcon
LoadImageW
PostMessageA
DispatchMessageA
GetWindowTextA
wsprintfA
CreateWindowExW
GetMessageA

crypt32

CertDuplicateCRLContext
CertFindCRLInStore
CertFindAttribute
CertCloseStore
CertAlgIdToOID
CertFindChainInStore
CertCompareCertificate
CertDuplicateStore
CertFreeCRLContext
CertSaveStore
CertCreateContext
CryptFindOIDInfo
CertCreateCRLContext
CertNameToStrA
CertControlStore
CertFindExtension

shlwapi

UrlGetLocationA
UrlCombineA
UrlHashA
UrlIsNoHistoryA
UrlCreateFromPathA
UrlCanonicalizeA
UrlUnescapeA
PathCompactPathA
PathCombineA
UrlEscapeA
PathCommonPrefixA

kernel32

GetCurrentThreadId
GetCurrentProcess
GetNumberFormatA
CreateMutexA
CompareStringA
CreateDirectoryA
GetTimeFormatA
GetConsoleAliasW
LoadLibraryA
WriteProcessMemory
GetProcessHeap
InterlockedExchange
GetFullPathNameA
HeapCreate
TlsGetValue
FormatMessageA
SystemTimeToFileTime
GetComputerNameA
SetEnvironmentVariableA
VirtualQuery
CreateEventA
SleepEx

wtsapi32

WTSEnumerateServersA
WTSVirtualChannelClose
WTSFreeMemory
WTSEnumerateSessionsA
WTSVirtualChannelQuery
WTSUnRegisterSessionNotification
WTSSetSessionInformationA
WTSOpenServerA
WTSVirtualChannelOpen
WTSEnumerateProcessesA
WTSSetUserConfigW
WTSVirtualChannelWrite
WTSCloseServer
WTSLogoffSession
WTSQueryUserToken
WTSWaitSystemEvent

Sections

.text
Size: 60KB - Virtual size: 59KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 20KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 20KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

439b04b7a04ce61e2ede5ddb1e84189f

Headers

File Characteristics

PDB Paths

Imports

untfs

dbnmpntw

user32

crypt32

shlwapi

kernel32

wtsapi32

Sections

.text Size: 60KB - Virtual size: 59KB

.data Size: 20KB - Virtual size: 16KB

.rsrc Size: 20KB - Virtual size: 17KB

.text
Size: 60KB - Virtual size: 59KB

.data
Size: 20KB - Virtual size: 16KB

.rsrc
Size: 20KB - Virtual size: 17KB