Static task
static1
Behavioral task
behavioral1
Sample
1596e56a2103b753881cbac0d03a38c9_JaffaCakes118.exe
Resource
win7-20240903-en
Behavioral task
behavioral2
Sample
1596e56a2103b753881cbac0d03a38c9_JaffaCakes118.exe
Resource
win10v2004-20240802-en
General
Target
1596e56a2103b753881cbac0d03a38c9_JaffaCakes118
Size
823KB
MD5
1596e56a2103b753881cbac0d03a38c9
SHA1
1eea3359ff3c4654e1691650f873b00e01024af2
SHA256
6b69c1b0f198c12ec4629949d0da10dbbd0be694cc63f8ced91717f9209f1332
SHA512
902be07bcc455fe6093aeb35c0966a8ee7bbd8154aa9804774a6e307f131b738c59740dc59be612b4cca8bb017ef911d3245e4485ad58a66072be425255bf9ab
SSDEEP
12288:GVN2fuw50DDl6Wtrkzm8CY6yRjxp2JCFN/bwWLDBKZQB5Fdw/CPDOh4siuAGXYTG:2mh50DPX1WD2QDbwWLDysvqCbkUEYE
Malware Config
Signatures
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource 1596e56a2103b753881cbac0d03a38c9_JaffaCakes118
Files
1596e56a2103b753881cbac0d03a38c9_JaffaCakes118.exe windows:5 windows x86 arch:x86
d0a4ff180b6feef9e354c1826f5f6132
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
cryptdll
CDBuildVect
CDFindCommonCSystem
CDBuildIntegrityVect
CDFindCommonCSystemWithKey
CDLocateCheckSum
CDLocateRng
CDLocateCSystem
MD5Init
MD5Update
CDRegisterCheckSum
CDGenerateRandomBits
MD5Final
CDRegisterRng
CDRegisterCSystem
rasman
RasRpcGetInstalledProtocolsEx
RasPortEnum
RasCompressionGetInfo
RasDeviceConnect
RasRpcRemoteRasDeleteEntry
RasSetConnectionParams
RasCreateConnection
RasRpcDeviceEnum
RasConnectionGetStatistics
RasRpcGetUserPreferences
RasBundleClearStatisticsEx
RasGetDialParams
RasPortGetFramingEx
RasPortDisconnect
RasRegisterPnPEvent
kernel32
EnumSystemLanguageGroupsA
lstrcat
InitAtomTable
GetCurrentActCtx
SetLastError
GetUserDefaultLCID
GetSystemWindowsDirectoryA
CallNamedPipeW
GetTickCount
LoadLibraryW
CreateTimerQueue
Module32Next
ifsutil
?AddVolumeName@MOUNT_POINT_MAP@@QAEEPAVWSTRING@@0@Z
?Initialize@READ_WRITE_CACHE@@QAEEPAVIO_DP_DRIVE@@K@Z
?RemoveEdge@DIGRAPH@@QAEEKK@Z
?Initialize@LOG_IO_DP_DRIVE@@QAEEPBVWSTRING@@PAVMESSAGE@@EG@Z
?GetData@TLINK@@QAEAAVBIG_INT@@G@Z
?ShellSort@TLINK@@QAEXXZ
?DeleteEntry@AUTOREG@@SGEPBVWSTRING@@0@Z
??1CANNED_SECURITY@@UAE@XZ
oleaut32
VarR8FromStr
VarR4FromDec
SafeArrayCopyData
VarI8FromCy
VarR8Round
BSTR_UserSize
VarDateFromBool
VarBoolFromStr
VarFormatNumber
crtdll
fputc
wcsncpy
_CIsinh
memcpy
_chdir
_locking
isleadbyte
_clearfp
wcsxfrm
_ismbstrail
_execvpe
_putenv
strchr
Sections
.text Size: 394KB - Virtual size: 393KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 124KB - Virtual size: 124KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 173KB - Virtual size: 1.5MB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 129KB - Virtual size: 128KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 1024B - Virtual size: 896B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ