157fc8c3997984ef720a3751392fddfe_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

157fc8c3997984ef720a3751392fddfe_JaffaCakes118
Size

36KB
MD5

157fc8c3997984ef720a3751392fddfe
SHA1

24c8fa926c23b59342f6df316c2b7c0ec03b0277
SHA256

fdaac7b70f6cb062af203687b7ead65e269959ee9243d3042f2dd3f0ba4fdbb5
SHA512

5de4253cf807fbb75705fbe1deb96a69b4d6dc52e68492bc6d32d755625446e3df716f72b5e8d78c09176710ae826068389a3c94a140fe0a56102cb5ff122194
SSDEEP

768:YN6QKz6DsbnRziFT2hwOUnJFpiWmJqwqX4UXkat:h3+DCnxiFT2BUJFppeqwl

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
157fc8c3997984ef720a3751392fddfe_JaffaCakes118

Files

157fc8c3997984ef720a3751392fddfe_JaffaCakes118
.exe windows:5 windows x86 arch:x86

88124532dfe93f74ae03513a6b4a6748

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

shlwapi

UrlEscapeA
UrlCombineA
UrlGetPartA
UrlCanonicalizeA
PathCombineA
UrlIsOpaqueA
UrlGetLocationA
UrlHashA
UrlIsA
UrlCompareA

user32

GetCaretPos
IsZoomed
GetWindowTextA
GetMessageA
IsWindow
DialogBoxParamA
wsprintfA
GetPropA
SetCursorPos
DrawIcon
IsDialogMessageA
CreateWindowExA
IsCharLowerW

wtsapi32

WTSEnumerateSessionsW
WTSVirtualChannelQuery
WTSLogoffSession
WTSFreeMemory
WTSUnRegisterSessionNotification
WTSVirtualChannelRead
WTSWaitSystemEvent
WTSOpenServerW
WTSSendMessageA
WTSSetSessionInformationW
WTSRegisterSessionNotification
WTSEnumerateProcessesA
WTSVirtualChannelOpen
WTSSetUserConfigW

advapi32

RegOpenKeyExA
IsTextUnicode
RegEnumValueA
CreateProcessAsUserA
RegEnumKeyA
RegCreateKeyA
InitializeSid
RegFlushKey
ControlService
RegSaveKeyA
IsValidAcl
CreateServiceA
RegQueryValueA

kernel32

FindResourceA
GetAtomNameA
UpdateResourceA
GetStringTypeA
HeapValidate
GetSystemTimeAsFileTime
GetCurrentDirectoryA
FormatMessageA
GetFullPathNameA
CreateNamedPipeA
GetProcessId
GetProcAddress
CloseHandle
SetFilePointer
CreateDirectoryA
GetCurrentProcess
GetModuleHandleA
DeviceIoControl
ReadConsoleA
GetPrivateProfileStructW
ReadFile
GetPrivateProfileIntA
GetComputerNameA
WaitForSingleObject

modemui

CountryRunOnce
drvSetDefaultCommConfigA
drvCommConfigDialogA
drvGetDefaultCommConfigA

msimg32

DllInitialize
TransparentBlt
vSetDdrawflag
GradientFill

certcli

CACloseCertType
CADeleteCA
CAEnumNextCA
CACloseCA
CAEnumFirstCA

Sections

.text
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 20KB - Virtual size: 19KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

88124532dfe93f74ae03513a6b4a6748

Headers

DLL Characteristics

File Characteristics

Imports

shlwapi

user32

wtsapi32

advapi32

kernel32

modemui

msimg32

certcli

Sections

.text Size: 6KB - Virtual size: 6KB

.rdata Size: 3KB - Virtual size: 3KB

.data Size: 2KB - Virtual size: 2KB

.rsrc Size: 20KB - Virtual size: 19KB

.reloc Size: 3KB - Virtual size: 2KB

.text
Size: 6KB - Virtual size: 6KB

.rdata
Size: 3KB - Virtual size: 3KB

.data
Size: 2KB - Virtual size: 2KB

.rsrc
Size: 20KB - Virtual size: 19KB

.reloc
Size: 3KB - Virtual size: 2KB