1681eacd11423a9a9226e562196359ec_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

1681eacd11423a9a9226e562196359ec_JaffaCakes118
Size

122KB
MD5

1681eacd11423a9a9226e562196359ec
SHA1

984dff333525b009a0b19ef327c9a28bc98e730e
SHA256

d9ca88efd4f22a8db4617313ef4bdc03cac2b02826c588d0aa4e42b46fc24f42
SHA512

52c9e5554a416f80b3a0309b24fa0250f6bec04a137f8062eb66a0720a95698a0dc9770010bed545d1cdd58b385d680542956ecfbe4716f9606c4e0b02921701
SSDEEP

3072:gT7LQbKeo4388UXucQO2uiW/Axz/m2600mv6lMCQT7ZuMHN9lyxBnOJyCiLX2OTE:gLQbKeo4388UXucQO2uiW/Axz/m2600K

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
1681eacd11423a9a9226e562196359ec_JaffaCakes118

Files

1681eacd11423a9a9226e562196359ec_JaffaCakes118
.exe windows:6 windows x86 arch:x86

58e6390d0e7e89121d3b8c6d4f93c973

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

appidpolicyconverter.pdb

Imports

msvcrt

__CxxFrameHandler3
_purecall
__set_app_type
__p__fmode
__p__commode
__setusermatherr
_amsg_exit
_controlfp
exit
_XcptFilter
_exit
_vsnwprintf_s
__RTDynamicCast
memcpy_s
_except_handler4_common
memmove_s
??0exception@@QAE@ABQBD@Z
_cexit
__wgetmainargs
_callnewh
??0exception@@QAE@ABV0@@Z
??1exception@@UAE@XZ
?what@exception@@UBEPBDXZ
??0exception@@QAE@XZ
malloc
_wsetlocale
free
_CxxThrowException
wcsstr
??1type_info@@UAE@XZ
?terminate@@YAXXZ
_unlock
__dllonexit
_lock
_onexit
towupper
wcstol
_wtoi
_initterm
_ui64tow_s

ntdll

EtwTraceMessage
EtwGetTraceEnableFlags
EtwEventRegister
EtwEventWrite
EtwEventUnregister
RtlNtStatusToDosErrorNoTeb
EtwUnregisterTraceGuids
EtwRegisterTraceGuidsW
EtwGetTraceLoggerHandle
EtwGetTraceEnableLevel

api-ms-win-core-localregistry-l1-1-0

RegDeleteTreeW
RegQueryValueExW
RegOpenKeyExW
RegSetValueExW
RegCloseKey
RegEnumKeyExW

userenv

EnterCriticalPolicySection
LeaveCriticalPolicySection

slc

SLGetWindowsInformationDWORD

kernel32

InterlockedDecrement
UnhandledExceptionFilter
TerminateProcess
GetSystemTimeAsFileTime
CreateBoundaryDescriptorW
GetTickCount
QueryPerformanceCounter
GetModuleHandleA
ReleaseMutex
GetCurrentProcessId
ClosePrivateNamespace
CreateFileW
Sleep
InterlockedIncrement
InterlockedExchange
LoadLibraryExA
InterlockedCompareExchange
FreeLibrary
GetProcAddress
AddSIDToBoundaryDescriptor
CreatePrivateNamespaceW
OpenPrivateNamespaceW
DeleteBoundaryDescriptor
GetCurrentThreadId
GetCurrentProcess
SetUnhandledExceptionFilter
DelayLoadFailureHook
HeapSetInformation
CreateMutexExW
WaitForSingleObject
SleepEx
LocalFree
GetLastError
CloseHandle
DeviceIoControl

appidapi

AppIDEncodeAttributeString
AppIDFreeAttributeString

rpcrt4

RpcStringFreeW
UuidFromStringW
UuidToStringW

Sections

.text
Size: 79KB - Virtual size: 79KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 36KB - Virtual size: 37KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

58e6390d0e7e89121d3b8c6d4f93c973

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

msvcrt

ntdll

api-ms-win-core-localregistry-l1-1-0

userenv

slc

kernel32

appidapi

rpcrt4

Sections

.text Size: 79KB - Virtual size: 79KB

.data Size: 3KB - Virtual size: 4KB

.rsrc Size: 2KB - Virtual size: 1KB

.reloc Size: 36KB - Virtual size: 37KB

.text
Size: 79KB - Virtual size: 79KB

.data
Size: 3KB - Virtual size: 4KB

.rsrc
Size: 2KB - Virtual size: 1KB

.reloc
Size: 36KB - Virtual size: 37KB