11af4aa9891fddb11b8cab124f86ead0_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

11af4aa9891fddb11b8cab124f86ead0_JaffaCakes118
Size

108KB
MD5

11af4aa9891fddb11b8cab124f86ead0
SHA1

aa29ba6105de2551f7bcab42ba3d62c1363214d2
SHA256

e0f4feef33781bd7ee90d81f5194ffd52c6c8e55246484c7c87bf00b64725955
SHA512

ccb79f8b9aacfbe8df25b75f915516cbe080dc7b0258ddfc93cb7379e5c5ff41a5c41110fa65c1814889afe38e85046992d61b3a79eeaa70401f085144111f78
SSDEEP

768:PBRjsImBzyab/OwDHqD+wvQQBTn14SyfGF35EY:PTsImLb/ODD/QYb143fGF3eY

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
11af4aa9891fddb11b8cab124f86ead0_JaffaCakes118

Files

11af4aa9891fddb11b8cab124f86ead0_JaffaCakes118
.exe windows:4 windows x86 arch:x86

439b04b7a04ce61e2ede5ddb1e84189f

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

PDB Paths

nuktopwe.pdb

Imports

untfs

Chkdsk
Format
FormatEx
Extend

dbnmpntw

ConnectionError
ConnectionClose
ConnectionWrite

user32

IsZoomed
CharToOemA
SetFocus
SetCursorPos
DialogBoxParamW
PeekMessageA
DrawIcon
LoadImageW
PostMessageA
DispatchMessageA
GetWindowTextA
wsprintfA
CreateWindowExW
GetMessageA

crypt32

CertDuplicateCRLContext
CertFindCRLInStore
CertFindAttribute
CertCloseStore
CertAlgIdToOID
CertFindChainInStore
CertCompareCertificate
CertDuplicateStore
CertFreeCRLContext
CertSaveStore
CertCreateContext
CryptFindOIDInfo
CertCreateCRLContext
CertNameToStrA
CertControlStore
CertFindExtension

shlwapi

UrlGetLocationA
UrlCombineA
UrlHashA
UrlIsNoHistoryA
UrlCreateFromPathA
UrlCanonicalizeA
UrlUnescapeA
PathCompactPathA
PathCombineA
UrlEscapeA
PathCommonPrefixA

kernel32

GetCurrentThreadId
GetCurrentProcess
GetNumberFormatA
CreateMutexA
CompareStringA
CreateDirectoryA
GetTimeFormatA
GetConsoleAliasW
LoadLibraryA
WriteProcessMemory
GetProcessHeap
InterlockedExchange
GetFullPathNameA
HeapCreate
TlsGetValue
FormatMessageA
SystemTimeToFileTime
GetComputerNameA
SetEnvironmentVariableA
VirtualQuery
CreateEventA
SleepEx

wtsapi32

WTSEnumerateServersA
WTSVirtualChannelClose
WTSFreeMemory
WTSEnumerateSessionsA
WTSVirtualChannelQuery
WTSUnRegisterSessionNotification
WTSSetSessionInformationA
WTSOpenServerA
WTSVirtualChannelOpen
WTSEnumerateProcessesA
WTSSetUserConfigW
WTSVirtualChannelWrite
WTSCloseServer
WTSLogoffSession
WTSQueryUserToken
WTSWaitSystemEvent

Sections

.text
Size: 60KB - Virtual size: 59KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 24KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 20KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

439b04b7a04ce61e2ede5ddb1e84189f

Headers

File Characteristics

PDB Paths

Imports

untfs

dbnmpntw

user32

crypt32

shlwapi

kernel32

wtsapi32

Sections

.text Size: 60KB - Virtual size: 59KB

.data Size: 24KB - Virtual size: 20KB

.rsrc Size: 20KB - Virtual size: 17KB

.text
Size: 60KB - Virtual size: 59KB

.data
Size: 24KB - Virtual size: 20KB

.rsrc
Size: 20KB - Virtual size: 17KB