Static task: static1
Behavioral task: behavioral1
Sample: 0fcf80e774b5cabcca2ea56fe479e6ba_JaffaCakes118.exe
Resource: win7-20240903-en
Behavioral task: behavioral2
Sample: 0fcf80e774b5cabcca2ea56fe479e6ba_JaffaCakes118.exe
Resource: win10v2004-20240802-en
General
Target: 0fcf80e774b5cabcca2ea56fe479e6ba_JaffaCakes118
Size: 80KB
MD5: 0fcf80e774b5cabcca2ea56fe479e6ba
SHA1: 9b6132d986db19ce54c89a7ab6fe56898c5bcd37
SHA256: 2a318a75397027c7621bc81f98f413fa53bd34f420e9346e73dd9edf4ef148ac
SHA512: 13591366b511367852ba370275318e23a9313ddce5b09b21c486adc1dc4e11eecb04064f4cbe1d573a52b5d51abfb992c0ecd6b46fae77335b76aad45475e816
SSDEEP: 1536:uWU0HKpZTIZg1o+Kw2BDlBKr/m+RJFdHkR0yt7:LUCFO1o+KJDlALZhdHkR0w
Malware Config
Signatures
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource 0fcf80e774b5cabcca2ea56fe479e6ba_JaffaCakes118
Files
0fcf80e774b5cabcca2ea56fe479e6ba_JaffaCakes118.exe windows:4 windows x86 arch:x86
baa8e0522a79e4ff298ea48d7226fd0c
Headers
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
Imports
oledlg
ord1
ord7
ord8
ord9
comctl32
CreateToolbarEx
ord15
ord14
shlwapi
StrChrIW
StrRStrIW
StrCSpnA
kernel32
GetModuleHandleA
GetProcAddress
GetEnvironmentStrings
GetEnvironmentVariableA
GetACP
GetStdHandle
CreateSemaphoreA
ReleaseSemaphore
SuspendThread
LocalLock
LocalReAlloc
VirtualAlloc
TlsGetValue
TlsSetValue
LocalHandle
GetStartupInfoA
GetCommandLineA
GetVersion
ExitProcess
LeaveCriticalSection
EnterCriticalSection
InitializeCriticalSection
GetLastError
GetFileType
WriteFile
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
GetModuleFileNameA
FreeEnvironmentStringsA
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStringsW
SetHandleCount
GetCurrentThreadId
TlsAlloc
SetLastError
HeapDestroy
HeapCreate
VirtualFree
HeapFree
RtlUnwind
HeapAlloc
SetFilePointer
GetCPInfo
GetOEMCP
HeapReAlloc
LoadLibraryA
MultiByteToWideChar
LCMapStringA
LCMapStringW
GetStringTypeA
GetStringTypeW
winspool.drv
GetJobW
EnumPrinterDriversA
DeletePrinterDriverA
AddPrinterConnectionA
SetPrinterW
ClosePrinter
DeletePrinterDataA
SetJobW
SetJobA
GetPrinterDriverA
AbortPrinter
GetJobA
AddPrinterDriverExW
EnumPrintersA
secur32
CompleteAuthToken
ApplyControlToken
VerifySignature
AcceptSecurityContext
MakeSignature
DeleteSecurityContext
ExportSecurityContext
EncryptMessage
DecryptMessage
FreeCredentialsHandle
uxtheme
GetThemeSysInt
usp10
ScriptCPtoX
ScriptString_pcOutChars
ScriptFreeCache
ScriptShape
ScriptStringAnalyse
ScriptJustify
ScriptItemize
wsnmp32
ord604
ord105
ord400
ord103
activeds
ord6
ord4
ord16
ord5
ord19
ord12
ord23
ord18
ord9
ord15
ord17
ord7
ord14
ord3
cryptui
CryptUIWizImport
CryptUIDlgViewContext
CryptUIWizExport
CryptUIWizDigitalSign
Sections
.text Size: 21KB - Virtual size: 20KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 10KB - Virtual size: 9KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 5KB - Virtual size: 10KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 40KB - Virtual size: 40KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 2KB - Virtual size: 2KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ