0fec5c3477a1488841b7238ac06c97e0_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

0fec5c3477a1488841b7238ac06c97e0_JaffaCakes118
Size

108KB
MD5

0fec5c3477a1488841b7238ac06c97e0
SHA1

c2cb9722011a0b7b95a054d5b11cbdc0d793f020
SHA256

8b89013b8875f74875ad17fbc97e2e768674a03e907aeaceda715dfbba4524a6
SHA512

b56cb8967e90f0bd7f3f5e833f8b1cb3e56d5a60bf95cc4ec1f59d59fe878e425706d0975baf5cc15736b045ccb0c613ceca0bef567b9e6b2d05deeba5abbd9b
SSDEEP

768:zBRjsImBzyab/OwDHqD+wvQQBTn14SyfGF35EY:zTsImLb/ODD/QYb143fGF3eY

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
0fec5c3477a1488841b7238ac06c97e0_JaffaCakes118

Files

0fec5c3477a1488841b7238ac06c97e0_JaffaCakes118
.exe windows:4 windows x86 arch:x86

439b04b7a04ce61e2ede5ddb1e84189f

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

PDB Paths

nuktopwe.pdb

Imports

untfs

Chkdsk
Format
FormatEx
Extend

dbnmpntw

ConnectionError
ConnectionClose
ConnectionWrite

user32

IsZoomed
CharToOemA
SetFocus
SetCursorPos
DialogBoxParamW
PeekMessageA
DrawIcon
LoadImageW
PostMessageA
DispatchMessageA
GetWindowTextA
wsprintfA
CreateWindowExW
GetMessageA

crypt32

CertDuplicateCRLContext
CertFindCRLInStore
CertFindAttribute
CertCloseStore
CertAlgIdToOID
CertFindChainInStore
CertCompareCertificate
CertDuplicateStore
CertFreeCRLContext
CertSaveStore
CertCreateContext
CryptFindOIDInfo
CertCreateCRLContext
CertNameToStrA
CertControlStore
CertFindExtension

shlwapi

UrlGetLocationA
UrlCombineA
UrlHashA
UrlIsNoHistoryA
UrlCreateFromPathA
UrlCanonicalizeA
UrlUnescapeA
PathCompactPathA
PathCombineA
UrlEscapeA
PathCommonPrefixA

kernel32

GetCurrentThreadId
GetCurrentProcess
GetNumberFormatA
CreateMutexA
CompareStringA
CreateDirectoryA
GetTimeFormatA
GetConsoleAliasW
LoadLibraryA
WriteProcessMemory
GetProcessHeap
InterlockedExchange
GetFullPathNameA
HeapCreate
TlsGetValue
FormatMessageA
SystemTimeToFileTime
GetComputerNameA
SetEnvironmentVariableA
VirtualQuery
CreateEventA
SleepEx

wtsapi32

WTSEnumerateServersA
WTSVirtualChannelClose
WTSFreeMemory
WTSEnumerateSessionsA
WTSVirtualChannelQuery
WTSUnRegisterSessionNotification
WTSSetSessionInformationA
WTSOpenServerA
WTSVirtualChannelOpen
WTSEnumerateProcessesA
WTSSetUserConfigW
WTSVirtualChannelWrite
WTSCloseServer
WTSLogoffSession
WTSQueryUserToken
WTSWaitSystemEvent

Sections

.text
Size: 60KB - Virtual size: 59KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 24KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 20KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

439b04b7a04ce61e2ede5ddb1e84189f

Headers

File Characteristics

PDB Paths

Imports

untfs

dbnmpntw

user32

crypt32

shlwapi

kernel32

wtsapi32

Sections

.text Size: 60KB - Virtual size: 59KB

.data Size: 24KB - Virtual size: 20KB

.rsrc Size: 20KB - Virtual size: 17KB

.text
Size: 60KB - Virtual size: 59KB

.data
Size: 24KB - Virtual size: 20KB

.rsrc
Size: 20KB - Virtual size: 17KB