05ac4bdbd8e0ef954d3915964cfed075_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

05ac4bdbd8e0ef954d3915964cfed075_JaffaCakes118
Size

86KB
MD5

05ac4bdbd8e0ef954d3915964cfed075
SHA1

63daf9ff4be135191af824071fa09b83cadb5f3d
SHA256

11de56a3442bffec5fb9ff7a103385d2d0a9b62f8e242c889bbf4ca586c5d511
SHA512

022861ac90a7166473471ee14eec8600b724d006fa2bb7f09e6f272dd1a49af8edbc3cb6fbc875d29c6281b78ea148bbf4aec999b95938a5deb0c74139325cac
SSDEEP

1536:0CjNR+WRAOFbMMD/TNRinAFPZQ1OTmhOUpjvQMxv0GSuHHuGjjmxJtf0erTYQEBC:3hRLRAOFYQLFRQ1OKhOgjvQQZNnJjSf/

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
05ac4bdbd8e0ef954d3915964cfed075_JaffaCakes118

Files

05ac4bdbd8e0ef954d3915964cfed075_JaffaCakes118
.exe windows:5 windows x86 arch:x86

ccc2d7a564a006e5555c398d606e859d

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

wininet

InternetReadFile
InternetTimeFromSystemTimeA
InternetSetOptionW
GopherGetAttributeW
InternetQueryDataAvailable
FtpGetFileEx
RetrieveUrlCacheEntryStreamW
FindFirstUrlCacheEntryA
DeleteUrlCacheEntryW
UpdateUrlCacheContentPath
HttpQueryInfoA
InternetConnectW
FindFirstUrlCacheEntryExA

kernel32

VirtualUnlock
DosDateTimeToFileTime
EnumSystemLocalesA
VirtualAlloc
SetHandleCount
GetPrivateProfileSectionA
IsValidCodePage
GetStartupInfoA
GetCalendarInfoW
lstrcpyn
EnumResourceTypesA
LCMapStringW
GetNumberFormatA
IsValidLocale
GetBinaryType
GetCommModemStatus
FormatMessageA
GetFileTime
GetComPlusPackageInstallStatus
WriteConsoleOutputA
GetConsoleCursorInfo
GetCommandLineA
RestoreLastError
FatalAppExitA
GetModuleHandleA
FindClose
WaitForDebugEvent
CreateProcessW

ntdll

NtConnectPort
NtSetTimerResolution
RtlGetNtVersionNumbers
NtWriteFile
LdrSetAppCompatDllRedirectionCallback
RtlSetCurrentEnvironment
RtlValidateProcessHeaps
RtlConvertLongToLargeInteger
RtlRegisterSecureMemoryCacheCallback
RtlAcquirePebLock
vDbgPrintEx
RtlEqualString
ZwOpenObjectAuditAlarm
NtSetIntervalProfile

opengl32

glGetTexGeniv
glIndexs
glRasterPos3dv
glColorMaterial
glTexGend
glGetClipPlane
wglRealizeLayerPalette
glTexCoord1dv
glNormal3d
glLineWidth
wglCreateLayerContext
glIndexub

utildll

GetUnknownString
QueryCurrentWinStation
AsyncDeviceEnumerate
FormDecoratedAsyncDeviceName
NetBIOSDeviceEnumerate
CachedGetUserFromSid
WinEnumerateDevices
EnumerateMultiUserServers
GetUserFromSid
CtxGetAnyDCName
StrSystemWaitReason
CompareElapsedTime
ConfigureModem
CalculateDiffTime
RegGetNetworkServiceName
CalculateElapsedTime
StrSdClass

user32

CharNextA

Sections

.text
Size: 47KB - Virtual size: 47KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.idat_22
Size: 14KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 21KB - Virtual size: 46KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 378B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

ccc2d7a564a006e5555c398d606e859d

Headers

DLL Characteristics

File Characteristics

Imports

wininet

kernel32

ntdll

opengl32

utildll

user32

Sections

.text Size: 47KB - Virtual size: 47KB

.idat_22 Size: 14KB - Virtual size: 13KB

.data Size: 21KB - Virtual size: 46KB

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 512B - Virtual size: 378B

.text
Size: 47KB - Virtual size: 47KB

.idat_22
Size: 14KB - Virtual size: 13KB

.data
Size: 21KB - Virtual size: 46KB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 512B - Virtual size: 378B