14f8defa548b796bdc62aa88056fc9d3_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

14f8defa548b796bdc62aa88056fc9d3_JaffaCakes118
Size

286KB
MD5

14f8defa548b796bdc62aa88056fc9d3
SHA1

3d2fa0141f10c532a3e8559a36380b9ea87230bd
SHA256

812dc9ff70cbc569a3bdac1a808628edf94e3c451d74cd0e2edc8afd3e605bb4
SHA512

3a24da5aeb92b649943e574faeb8efa0d9134fd8c290111d4f1dbbd2a6eb1a269f5353e96ddfb72aa9efc7fb276f4768b3c4f81f55a984466151bc04bc75c570
SSDEEP

6144:0zdQANkh/dV/JxzVCn/GdqN/fYFDVAFCacgh:kWKkhvH5QtN/ACNPh

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
14f8defa548b796bdc62aa88056fc9d3_JaffaCakes118

Files

14f8defa548b796bdc62aa88056fc9d3_JaffaCakes118
.exe windows:4 windows x86 arch:x86

2af5c42d70c62bda752d5820a7bbae59

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

shlwapi

PathIsUNCA

ole32

CoInitializeEx
CoUninitialize
StringFromCLSID
CoTaskMemFree
CoCreateInstance

oleaut32

SafeArrayCopy
SafeArrayGetLBound
SysAllocString
VariantCopy
SafeArrayGetUBound
SafeArrayLock
GetErrorInfo
VariantChangeType
VariantClear
SysFreeString
SysAllocStringLen
VariantInit
SafeArrayDestroy
SafeArrayUnlock

kernel32

GetSystemTimeAsFileTime
MapViewOfFile
GetFullPathNameA
CreateEventA
UnmapViewOfFile
CreateMutexA
EnterCriticalSection
FreeLibrary
FindResourceExA
HeapFree
FindResourceA
FindClose
MoveFileA
DeleteCriticalSection
RemoveDirectoryA
FindFirstFileA
PulseEvent
LocalAlloc
FindNextFileA
WriteFile
HeapSize
CreateSemaphoreA
CreateFileMappingA
FormatMessageA
DeleteFileA
ReleaseMutex
WaitForMultipleObjects
LockResource
GetUserDefaultLCID
ReleaseSemaphore
SetProcessWorkingSetSize
TlsGetValue
GetProcessHeap
SetFilePointer
SetFileAttributesA
GetThreadLocale
lstrcmpiA
ReadFile
OpenEventA
HeapReAlloc
LoadResource
LCMapStringA
WideCharToMultiByte
HeapDestroy
CreateDirectoryA
WaitForSingleObject
TlsSetValue
HeapAlloc
lstrlenA
OpenProcess
GetACP
GetModuleHandleA
CloseHandle
GetCurrentThreadId
LeaveCriticalSection
lstrlenW
CreateFileA
SizeofResource
OpenFileMappingA
CopyFileA
RaiseException
LocalFree
LoadLibraryW
VirtualAlloc

user32

ExitWindowsEx
wsprintfA
LoadStringA

rpcrt4

RpcStringFreeA
UuidFromStringA
UuidToStringA

mpr

WNetAddConnection2A
WNetCancelConnection2A

esent

JetCreateTable
JetBeginTransaction
JetAddColumn
JetDeleteColumn
JetGetLogInfo
JetEndExternalBackup
JetAttachDatabase2
JetGetSystemParameter
JetResetTableSequential
JetGetLogInfoInstance
JetOSSnapshotFreeze
JetUpdate
JetReadFileInstance
JetGrowDatabase
JetDefragment
JetSetDatabaseSize
JetDelete
JetIdle
JetCompact
JetMakeKey
JetReadFile

netplwiz

DllGetClassObject

Sections

.text
Size: 21KB - Virtual size: 20KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 245KB - Virtual size: 1.1MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 16KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

2af5c42d70c62bda752d5820a7bbae59

Headers

File Characteristics

Imports

shlwapi

ole32

oleaut32

kernel32

user32

rpcrt4

mpr

esent

netplwiz

Sections

.text Size: 21KB - Virtual size: 20KB

.data Size: 245KB - Virtual size: 1.1MB

.rdata Size: 3KB - Virtual size: 2KB

.rsrc Size: 16KB - Virtual size: 16KB

.text
Size: 21KB - Virtual size: 20KB

.data
Size: 245KB - Virtual size: 1.1MB

.rdata
Size: 3KB - Virtual size: 2KB

.rsrc
Size: 16KB - Virtual size: 16KB