092c3afd58b7b62ee18b9714b1ca91c5_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

092c3afd58b7b62ee18b9714b1ca91c5_JaffaCakes118
Size

100KB
MD5

092c3afd58b7b62ee18b9714b1ca91c5
SHA1

9d9aca197e4f6b2cc59b80bc044a4f7527df388d
SHA256

b57b6af0490ce158d4f7b5062a4391ad96d04be1014adb47a43089b8785485f6
SHA512

3cbe4942ca7f6829f723caab5a22d42ad7c42b4387d35e890e00344b14a7bcddd561f0cd35f3614c6ccbb25d91f92901ede7eb4688f68aeea3ce0b3e2a5b83ab
SSDEEP

1536:c2ECunQQF5o3KlZU+wnjLOn+gIyadP+ebyQOS0q/PPCYVrHKOWPF:c2ECuQYdUZ3O+gGZz2XS0qlVLJq

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
092c3afd58b7b62ee18b9714b1ca91c5_JaffaCakes118

Files

092c3afd58b7b62ee18b9714b1ca91c5_JaffaCakes118
.exe windows:4 windows x86 arch:x86

699db164ef5f973d5945b889ad8afba0

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

netapi32

Netbios
NetScheduleJobAdd
NetReplGetInfo
DsRoleCancel

advapi32

ElfReportEventA
GetExplicitEntriesFromAclW
LsaICLookupSids
ElfDeregisterEventSource
ObjectPrivilegeAuditAlarmA
QueryServiceLockStatusA
AllocateAndInitializeSid
ConvertSecurityDescriptorToStringSecurityDescriptorA
RemoveTraceCallback

user32

GetPropA
GetSubMenu
GetSysColorBrush
LoadImageA
MsgWaitForMultipleObjects
SendMessageTimeoutA
SetClipboardData
EnableMenuItem

shlwapi

PathQuoteSpacesA
PathParseIconLocationW
PathMakePrettyW
PathIsPrefixA
PathIsFileSpecA
PathGetArgsA
PathFindSuffixArrayW
PathCanonicalizeW
AssocQueryKeyW

oleaut32

VarBstrCat
SafeArrayCreate
RevokeActiveObject
ClearCustData
OleLoadPicturePath
RegisterTypeLi

kernel32

GetVersionExA
CreateFileA
ExitProcess
FileTimeToSystemTime
GetBinaryTypeA
WriteFile
WaitForSingleObjectEx
VirtualQueryEx
MoveFileWithProgressA
LocalFlags
LocalFileTimeToFileTime
IsBadHugeReadPtr
HeapCreate
HeapAlloc
CloseHandle
GetSystemWindowsDirectoryW
GetStartupInfoA
GetProfileIntW
GetProcessShutdownParameters
GetModuleHandleA
GetLogicalDriveStringsA
GetFullPathNameW
GetCompressedFileSizeW
GetCommandLineA

dbghelp

ImageRvaToSection
SymEnumTypes
SymGetSymFromAddr
SymSetOptions
SymUnDName
SymGetLineFromName

Sections

.text
Size: 60KB - Virtual size: 59KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 28KB - Virtual size: 27KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

699db164ef5f973d5945b889ad8afba0

Headers

File Characteristics

Imports

netapi32

advapi32

user32

shlwapi

oleaut32

kernel32

dbghelp

Sections

.text Size: 60KB - Virtual size: 59KB

.data Size: 28KB - Virtual size: 27KB

.rsrc Size: 4KB - Virtual size: 3KB

.reloc Size: 4KB - Virtual size: 3KB

.text
Size: 60KB - Virtual size: 59KB

.data
Size: 28KB - Virtual size: 27KB

.rsrc
Size: 4KB - Virtual size: 3KB

.reloc
Size: 4KB - Virtual size: 3KB