0e01c8ff6c285fb46e2eb780b3664ed8_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

0e01c8ff6c285fb46e2eb780b3664ed8_JaffaCakes118
Size

737KB
MD5

0e01c8ff6c285fb46e2eb780b3664ed8
SHA1

b122e1f59ba745afc6dac5eea856b9d234792a55
SHA256

356db5fdb75a3a28f4740d8fc686371a1c1b47c49e61097483884e97b537af9b
SHA512

5ec16220aa7e494372c8fa392411ccd4474bcd387919d3af7dacff4dadaac489e54d711906448baced1f6bde0e52c9f22bc6c665bdeef11e28e3386fce81999a
SSDEEP

12288:Mz6386PhZ1FczNtL/K9uVoNk7nodkL7vM/U5ir2C:o638E3Fcz/L/bVoC7PMSia

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
0e01c8ff6c285fb46e2eb780b3664ed8_JaffaCakes118

Files

0e01c8ff6c285fb46e2eb780b3664ed8_JaffaCakes118
.exe windows:4 windows x86 arch:x86

fc8cf4db45ac7fef988afa41e3bc1f2c

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED

Imports

user32

IsClipboardFormatAvailable
PaintDesktop
UpdateWindow
MessageBoxIndirectW
SetMenuItemInfoW
DrawIconEx
SetMenuItemInfoA
GetKeyboardLayout
SendMessageW
FlashWindow
PeekMessageA
GetDC
ModifyMenuW
DlgDirListW
EndPaint
CreateMenu
BroadcastSystemMessageW
CheckDlgButton
MonitorFromWindow
FindWindowW
CharUpperBuffA
LoadBitmapA
GetMessageTime
AdjustWindowRectEx
InsertMenuW
MessageBoxExA
InsertMenuA
LoadIconW
GetWindowTextA

crypt32

CertResyncCertificateChainEngine

dbghelp

ImageDirectoryEntryToDataEx
EnumerateLoadedModules
SymCleanup
ImageNtHeader
ImageDirectoryEntryToData
SymInitialize
SymUnloadModule64
SymRegisterCallback64
SymSetOptions
SymLoadModule64
ImageRvaToVa
MakeSureDirectoryPathExists

kernel32

SetMailslotInfo
ReleaseMutex
CompareStringA
GetModuleFileNameA
OpenFileMappingW
BackupSeek
CreateThread
ConnectNamedPipe
GetCommConfig
SetEnvironmentVariableA
MapViewOfFile
CreateMutexW
HeapValidate
DeleteFiber
VirtualAlloc
GlobalUnlock
WritePrivateProfileSectionA
GetConsoleMode
GetCurrentThreadId
TerminateThread
CreateFileA
GetLastError
CreateFiber
GetTempFileNameA
SetConsoleCtrlHandler
GetVDMCurrentDirectories
lstrcmpW
QueueUserAPC
lstrcmpiW
FindNextVolumeW
GetComputerNameExW
GetComputerNameA
DeleteTimerQueueTimer
SetupComm

iphlpapi

InternalSetIfEntry
GetTcpStatistics
InternalSetIpNetEntry
NhGetInterfaceNameFromGuid
SendARP
GetIpAddrTable
GetUdpStatistics
InternalGetIpAddrTable
GetIpStatistics
InternalSetIpForwardEntry
InternalGetIpForwardTable
GetInterfaceInfo
CreateProxyArpEntry
GetTcpTable
EnableRouter

mpr

WNetEnumResourceW
WNetCancelConnection2W
WNetGetUniversalNameA
WNetGetUserW
WNetEnumResourceA
WNetGetProviderNameW
WNetGetUserA
WNetAddConnection3W
WNetUseConnectionW
WNetGetResourceInformationW
WNetGetConnectionW
WNetAddConnection2W
WNetCloseEnum
WNetGetConnectionA
WNetOpenEnumW
WNetOpenEnumA
WNetGetLastErrorW
WNetGetUniversalNameW

winspool.drv

PrinterProperties
DeviceCapabilitiesW
EnumMonitorsA
AddPrintProcessorW
SetPrinterDataExW
DeleteMonitorW
ReadPrinter
AddPrinterDriverExW
EndDocPrinter
DeletePrinterDriverExW
OpenPrinterA
SetPrinterW
EnumJobsW
DeletePortW
SetFormW
AddPortW
AddPrinterDriverW
EnumPrintProcessorDatatypesW
DeletePrinterDriverW
XcvDataW

shlwapi

SHCreateStreamOnFileW
SHRegWriteUSValueW
PathCanonicalizeA
PathRemoveFileSpecA
UrlIsOpaqueW
PathCompactPathExW
StrCpyNW
SHDeleteValueW
StrCmpIW
PathRemoveArgsW
SHQueryValueExA
StrTrimW
StrToInt64ExW
StrCatBuffA
PathGetArgsW
SHOpenRegStream2W
AssocQueryStringW
StrRChrIW
PathRemoveBackslashA
SHRegEnumUSKeyW
SHIsLowMemoryMachine
SHRegSetUSValueW
PathGetCharTypeW
SHStrDupW
SHRegGetBoolUSValueA
PathBuildRootW
SHDeleteKeyW
PathFileExistsA

msvcrt

_vsnwprintf
_ltow
fread
floor
strtol
qsort
strpbrk
wcscpy
toupper
_wfindnext64
_open
ungetwc
fwrite
wcstok
_mbsnbcpy
_wcsicmp
__CxxFrameHandler
sscanf
ftell
iswctype
_wtempnam
_mbsdec
islower
_hypot

Sections

.text
Size: 12KB - Virtual size: 514KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.idata
Size: 188KB - Virtual size: 681KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

BSS
Size: 310KB - Virtual size: 318KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 225KB - Virtual size: 225KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 304B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

fc8cf4db45ac7fef988afa41e3bc1f2c

Headers

DLL Characteristics

File Characteristics

Imports

user32

crypt32

dbghelp

kernel32

iphlpapi

mpr

winspool.drv

shlwapi

msvcrt

Sections

.text Size: 12KB - Virtual size: 514KB

.idata Size: 188KB - Virtual size: 681KB

BSS Size: 310KB - Virtual size: 318KB

.rsrc Size: 225KB - Virtual size: 225KB

.reloc Size: 512B - Virtual size: 304B

.text
Size: 12KB - Virtual size: 514KB

.idata
Size: 188KB - Virtual size: 681KB

BSS
Size: 310KB - Virtual size: 318KB

.rsrc
Size: 225KB - Virtual size: 225KB

.reloc
Size: 512B - Virtual size: 304B