1555c838866a2cfe96c3ad6f41b3ae6a_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

1555c838866a2cfe96c3ad6f41b3ae6a_JaffaCakes118
Size

251KB
MD5

1555c838866a2cfe96c3ad6f41b3ae6a
SHA1

e2ca3164e4c1209d42f9990d4bd26621ca856b01
SHA256

0235173a616c712299a38f9338d36fb44991a51183ab8964acb633b4fb42d003
SHA512

3efb01af98d2478316062a977f35d81538ce0d89913dbd047cef51162f2ca25020163efd2eb3a96bede65901ccc3eea503a90d3aca5fed4c558901f0de75dc5a
SSDEEP

3072:qNeLGpHxybMKSr5A0DRD2ycUcHuz9A4dM5j8TcuNOHdr1b2LtLbiptTYr+9GqKd2:qAcybMKSr5DiHuddl9NqreGp8+9GqiPI

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
1555c838866a2cfe96c3ad6f41b3ae6a_JaffaCakes118

Files

1555c838866a2cfe96c3ad6f41b3ae6a_JaffaCakes118
.exe windows:5 windows x86 arch:x86

34e4ba0153602bdc67a61c9b0ddff65b

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

shell32

SHGetFolderPathW

shlwapi

PathAppendW

ole32

CoCreateInstance
CoRevertToSelf
CoImpersonateClient
CLSIDFromProgID

userenv

UnloadUserProfile

advapi32

ReportEventW
IsValidSid
CopySid
GetTokenInformation
OpenProcessToken
OpenThreadToken
DeregisterEventSource
RegisterEventSourceW
EqualSid
GetLengthSid

oleaut32

LoadTypeLi
VariantChangeType
SysAllocString
SafeArrayGetLBound
VariantCopy
SafeArrayCopy
SysStringByteLen
VariantClear
VariantCopyInd
SafeArrayUnlock
SafeArrayDestroy
VariantInit
SafeArrayRedim
SafeArrayGetUBound
SysFreeString
SafeArrayCreate
SysStringLen
SysAllocStringByteLen
GetErrorInfo
SafeArrayLock
SafeArrayGetVartype
VariantTimeToSystemTime
LoadRegTypeLi
SystemTimeToVariantTime

user32

UnregisterClassA

kernel32

HeapDestroy
GetThreadLocale
DeleteCriticalSection
EnterCriticalSection
HeapSize
IsDebuggerPresent
GetProcessHeap
GetSystemTimeAsFileTime
SetThreadLocale
HeapReAlloc
FormatMessageW
lstrlenW
GetCurrentThreadId
HeapFree
RaiseException
lstrlenA
LeaveCriticalSection
SetUnhandledExceptionFilter
UnhandledExceptionFilter
HeapAlloc
CloseHandle
GetACP
SetErrorMode
VirtualAllocEx

winspool.drv

OpenPrinterW
AddJobA
AddPrinterConnectionA
DEVICECAPABILITIES
DevicePropertySheets
AddPrintProvidorW
StartDocDlgW
DeletePrinter
DEVICEMODE
SetPrinterDataA
QueryColorProfile
DeleteFormA
EnumPortsA
DeletePrinterConnectionW
StartDocDlgA
AdvancedDocumentPropertiesW
PerfCollect
EnumPrintProcessorDatatypesW
GetSpoolFileHandle
FreePrinterNotifyInfo
DeletePortA
PerfClose
EnumPrinterKeyW
GetDefaultPrinterW
EXTDEVICEMODE

kbdgae

KbdLayerDescriptor

Sections

.text
Size: 18KB - Virtual size: 18KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.KZinP
Size: 1024B - Virtual size: 691B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.MCHyKc
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.TabE
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.Gcjbw
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.vMWga
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.QhUaz
Size: 512B - Virtual size: 149B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.iAaQVEl
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.lwgnCNT
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.DCekOV
Size: 107KB - Virtual size: 910KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 109KB - Virtual size: 558KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.FgLqd
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.ilbFyuz
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

34e4ba0153602bdc67a61c9b0ddff65b

Headers

DLL Characteristics

File Characteristics

Imports

shell32

shlwapi

ole32

userenv

advapi32

oleaut32

user32

kernel32

winspool.drv

kbdgae

Sections

.text Size: 18KB - Virtual size: 18KB

.KZinP Size: 1024B - Virtual size: 691B

.MCHyKc Size: 3KB - Virtual size: 2KB

.TabE Size: 3KB - Virtual size: 2KB

.Gcjbw Size: 2KB - Virtual size: 2KB

.vMWga Size: 2KB - Virtual size: 2KB

.rdata Size: 2KB - Virtual size: 2KB

.QhUaz Size: 512B - Virtual size: 149B

.iAaQVEl Size: 1KB - Virtual size: 1KB

.lwgnCNT Size: 1KB - Virtual size: 1KB

.DCekOV Size: 107KB - Virtual size: 910KB

.data Size: 109KB - Virtual size: 558KB

.FgLqd Size: 2KB - Virtual size: 1KB

.rsrc Size: 4KB - Virtual size: 4KB

.ilbFyuz Size: 2KB - Virtual size: 2KB

.text
Size: 18KB - Virtual size: 18KB

.KZinP
Size: 1024B - Virtual size: 691B

.MCHyKc
Size: 3KB - Virtual size: 2KB

.TabE
Size: 3KB - Virtual size: 2KB

.Gcjbw
Size: 2KB - Virtual size: 2KB

.vMWga
Size: 2KB - Virtual size: 2KB

.rdata
Size: 2KB - Virtual size: 2KB

.QhUaz
Size: 512B - Virtual size: 149B

.iAaQVEl
Size: 1KB - Virtual size: 1KB

.lwgnCNT
Size: 1KB - Virtual size: 1KB

.DCekOV
Size: 107KB - Virtual size: 910KB

.data
Size: 109KB - Virtual size: 558KB

.FgLqd
Size: 2KB - Virtual size: 1KB

.rsrc
Size: 4KB - Virtual size: 4KB

.ilbFyuz
Size: 2KB - Virtual size: 2KB