1390299210ef2b313ec66283e42873e0_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

1390299210ef2b313ec66283e42873e0_JaffaCakes118
Size

88KB
MD5

1390299210ef2b313ec66283e42873e0
SHA1

41c79aaca6ce7e9ba6af39ef6e715ab9ce95fe02
SHA256

ae0fcf73f4b89b3bdcdf3838babf7aace52558f830a173e513404f245c9004a6
SHA512

7c6a1b133ba7ccc876bbb98cd4e8da947248f2baf558bd957fea9c4ed396ac60aaa185b2866fedbd643c2e73c6f7e168f90a1a13d2f06f3d9927a7b16430cd37
SSDEEP

1536:hNQxKKK4Cl9OUSybOjk453NTSlwpFuUidQmiIPYJ0cgf:hNQxKr/nOUMkcNudQ8gJ0cY

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
1390299210ef2b313ec66283e42873e0_JaffaCakes118

Files

1390299210ef2b313ec66283e42873e0_JaffaCakes118
.exe windows:5 windows x86 arch:x86

5ea79bce509c43342d947a68b54609c5

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

setupapi

SetupQueryInfOriginalFileInformationW
CM_Get_Device_Interface_AliasA
SetupCommitFileQueueW
CM_Get_Parent_Ex
SetupInstallServicesFromInfSectionExW
SetupDuplicateDiskSpaceListA
CM_Move_DevNode
SetupDiGetClassImageListExA
SetupQueueRenameA
pSetupGetFileTitle
InstallHinfSectionA
SetupRemoveFromDiskSpaceListW
SetupDiSetClassInstallParamsW
SetupDefaultQueueCallbackA
CM_Detect_Resource_Conflict_Ex
SetupGetNonInteractiveMode

mapistub

GetTnefStreamCodepage
PRProviderInit
CreateTable@36
PropCopyMore@16
HrDispatchNotifications@4
DllCanUnloadNow
SzFindSz@8
ScRelocProps@20
GetTnefStreamCodepage@12
MapStorageSCode@4
cmc_read
MAPIResolveName
OpenTnefStream
MAPIInitialize@4
GetOutlookVersion@0

ntdll

RtlZombifyActivationContext
NtCompressKey
NtStopProfile
ZwCreateProfile
RtlFinalReleaseOutOfProcessMemoryStream
NlsAnsiCodePage
NtShutdownSystem
ZwTranslateFilePath
ZwOpenProcessToken
RtlFindLongestRunClear
NtSystemDebugControl
NtNotifyChangeDirectoryFile
RtlQuerySecurityObject
RtlSelfRelativeToAbsoluteSD
RtlOemStringToUnicodeSize

kernel32

VirtualQueryEx
GetVersion
LoadLibraryA
IsWow64Process
GetDateFormatA
GetConsoleAliasExesLengthW
GetConsoleAliasExesW
CopyFileExA
WriteConsoleOutputA
SetCalendarInfoA
BaseFlushAppcompatCache
VirtualAlloc
LocalSize
GetPrivateProfileIntW
SwitchToFiber

user32

SetScrollPos
BringWindowToTop

Sections

.text
Size: 48KB - Virtual size: 47KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 18KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 19KB - Virtual size: 40KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 252B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

5ea79bce509c43342d947a68b54609c5

Headers

DLL Characteristics

File Characteristics

Imports

setupapi

mapistub

ntdll

kernel32

user32

Sections

.text Size: 48KB - Virtual size: 47KB

.rdata Size: 18KB - Virtual size: 17KB

.data Size: 19KB - Virtual size: 40KB

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 512B - Virtual size: 252B

.text
Size: 48KB - Virtual size: 47KB

.rdata
Size: 18KB - Virtual size: 17KB

.data
Size: 19KB - Virtual size: 40KB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 512B - Virtual size: 252B