053f94254fb75ec5e49cf91468d4ee16_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

053f94254fb75ec5e49cf91468d4ee16_JaffaCakes118
Size

847KB
MD5

053f94254fb75ec5e49cf91468d4ee16
SHA1

7babfe559373f735db166b7978cebd82da6f75d7
SHA256

d12e01ba56a8df7136ff28e2e5c9130bb070d115188713dfce5f94c65b6ab1c8
SHA512

1c9a0bd4d0c8f9d113cb5e06034149c57de49bec1ec05e7ad1c2ac8fc2196c7621c82e673f961f56c58856822d0a4fa1ca6894fc5a8e9fbbaaa225886af0180a
SSDEEP

24576:YR0nPX78IVAbqnwAEIBhCu9JTPcC6msfY3X5LW:YWTDV7EIv9vT0mTB

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
053f94254fb75ec5e49cf91468d4ee16_JaffaCakes118

Files

053f94254fb75ec5e49cf91468d4ee16_JaffaCakes118
.exe windows:5 windows x86 arch:x86

393b191d8ce2b9670f67bbb114fafbb3

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

LocalCompact
GetVolumePathNamesForVolumeNameW
CreateDirectoryW
SetCurrentDirectoryA
EnumerateLocalComputerNamesW
DeleteFileA
GetFileAttributesExA
BackupWrite
SetTapeParameters
ReadConsoleInputExA
CancelIo
OpenThread
VirtualLock
GetSystemDefaultUILanguage
ZombifyActCtx
Process32FirstW
DosPathToSessionPathA
lstrcpynA
GetEnvironmentStringsW
SetThreadIdealProcessor
SetLocaleInfoA
WritePrivateProfileSectionA
AddAtomA
ReadConsoleOutputW
GetConsoleDisplayMode
VirtualUnlock
GetDriveTypeW
LoadLibraryA
GetNativeSystemInfo
SetConsoleNumberOfCommandsW
SetComputerNameW
GetProcAddress
GetThreadPriority
OutputDebugStringA
FindResourceW
QueueUserAPC
GlobalHandle
VirtualAlloc
UnregisterWaitEx
SetConsoleWindowInfo
GetDefaultCommConfigW

esent

JetEnableMultiInstance
JetInit
JetPrepareToCommitTransaction
JetOSSnapshotThaw
JetGotoBookmark
JetTerm@4
JetRenameColumn
JetDefragment
JetGetAttachInfoInstance
JetSnapshotStart
JetRenameTable
JetSetLS
JetBeginExternalBackup
JetSetDatabaseSize
JetRetrieveTaggedColumnList
JetCreateIndex
JetCloseDatabase
JetCloseFileInstance
JetTerm2
JetRetrieveKey

comctl32

DrawStatusText
ImageList_SetFlags
DllGetVersion
CreateStatusWindowA
ImageList_Create
FlatSB_GetScrollRange
ImageList_LoadImageW
UninitializeFlatSB
ImageList_GetIconSize
GetEffectiveClientRect
PropertySheetW
ImageList_DragLeave
ImageList_Replace
ImageList_SetImageCount
CreateToolbar
ImageList_SetIconSize

Sections

.text
Size: 716KB - Virtual size: 716KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 124KB - Virtual size: 123KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 1.4MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 944B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

393b191d8ce2b9670f67bbb114fafbb3

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

esent

comctl32

Sections

.text Size: 716KB - Virtual size: 716KB

.rdata Size: 124KB - Virtual size: 123KB

.data Size: 3KB - Virtual size: 1.4MB

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 1024B - Virtual size: 944B

.text
Size: 716KB - Virtual size: 716KB

.rdata
Size: 124KB - Virtual size: 123KB

.data
Size: 3KB - Virtual size: 1.4MB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 1024B - Virtual size: 944B