165e25b7d971f44534a76d99ec2cb028_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

165e25b7d971f44534a76d99ec2cb028_JaffaCakes118
Size

267KB
MD5

165e25b7d971f44534a76d99ec2cb028
SHA1

3d1af6ffe237a4695cfd34eac40452c8f3b7b9a5
SHA256

1427513b8dae349a83407aded98b5ad6e781c822c17e05391a19476fccbe5de8
SHA512

a7e2211f973ab473f9ac53742c7f3e3a31b2917910fcd86ced95050ce38c712468d0a9ab2ec2308230e3884f3f77f94608a2b7c81a04a7779dd9d513f2634989
SSDEEP

6144:hU1nVKS0oJRdbvTpbHRMOpNOyfxW16kCM1CuWn6VhQ4:hU1nkSB3BbjOyfE16kCM9WnMq4

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
165e25b7d971f44534a76d99ec2cb028_JaffaCakes118

Files

165e25b7d971f44534a76d99ec2cb028_JaffaCakes118
.exe windows:4 windows x86 arch:x86

bf46afb415a683e94c09caad327cfba8

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

user32

UnregisterClassA

ole32

CoCreateInstance
CoRevertToSelf
CLSIDFromProgID
CoImpersonateClient

oleaut32

SafeArrayGetLBound
SysStringLen
VariantCopyInd
SafeArrayGetVartype
VariantChangeType
SysStringByteLen
VariantCopy
SysAllocString
VariantClear
SystemTimeToVariantTime
SafeArrayRedim
VariantTimeToSystemTime
VariantInit
LoadTypeLi
SafeArrayGetUBound
SafeArrayLock
SafeArrayUnlock
LoadRegTypeLi
SafeArrayCopy
GetErrorInfo
SysFreeString
SafeArrayDestroy
SysAllocStringByteLen
SafeArrayCreate

userenv

UnloadUserProfile

shell32

SHGetFolderPathW

shlwapi

PathAppendW

kernel32

GetSystemTimeAsFileTime
HeapFree
GetProcessHeap
CloseHandle
HeapDestroy
HeapSize
RaiseException
GetACP
IsDebuggerPresent
GetCurrentThreadId
lstrlenA
EnterCriticalSection
LeaveCriticalSection
HeapReAlloc
lstrlenW
SetThreadLocale
FormatMessageW
UnhandledExceptionFilter
DeleteCriticalSection
GetThreadLocale
HeapAlloc
SetUnhandledExceptionFilter
GetStartupInfoA
VirtualAllocEx
GetModuleHandleW

advapi32

RegisterEventSourceW
EqualSid
GetLengthSid
OpenThreadToken
GetTokenInformation
ReportEventW
IsValidSid
CopySid
DeregisterEventSource
OpenProcessToken

winspool.drv

DocumentEvent
EndDocPrinter
ExtDeviceMode
SetPrinterA
SeekPrinter
DeletePortW
GetPrinterDataW
GetPrinterDataExW
ConfigurePortA
GetFormW
QueryColorProfile
PrinterMessageBoxA
DocumentPropertiesA
EnumPrintProcessorsW
DeletePrinterDataA
DeletePrintProvidorW
DeletePrinterDriverExW
EnumPrintersA
DevQueryPrintEx

snmpapi

SnmpUtilPrintAsnAny
SnmpUtilOidFree
SnmpUtilVarBindListFree

Sections

.uKPN
Size: 1024B - Virtual size: 27KB

IMAGE_SCN_MEM_READ

.text
Size: 17KB - Virtual size: 17KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.VOLNPzS
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.SXSYq
Size: 1024B - Virtual size: 630B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.ylkMwo
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.mIET
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.cyHiKL
Size: 1024B - Virtual size: 824B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.vkPI
Size: 512B - Virtual size: 248B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 7KB - Virtual size: 193KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.XrsTSt
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 208KB - Virtual size: 207KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.ZGPFMhQ
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.nCxL
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.Zqewq
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.PrafLTM
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 10KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

bf46afb415a683e94c09caad327cfba8

Headers

File Characteristics

Imports

user32

ole32

oleaut32

userenv

shell32

shlwapi

kernel32

advapi32

winspool.drv

snmpapi

Sections

.uKPN Size: 1024B - Virtual size: 27KB

.text Size: 17KB - Virtual size: 17KB

.VOLNPzS Size: 3KB - Virtual size: 2KB

.SXSYq Size: 1024B - Virtual size: 630B

.ylkMwo Size: 2KB - Virtual size: 2KB

.mIET Size: 2KB - Virtual size: 2KB

.cyHiKL Size: 1024B - Virtual size: 824B

.vkPI Size: 512B - Virtual size: 248B

.data Size: 7KB - Virtual size: 193KB

.XrsTSt Size: 2KB - Virtual size: 2KB

.rdata Size: 208KB - Virtual size: 207KB

.ZGPFMhQ Size: 1KB - Virtual size: 1KB

.nCxL Size: 2KB - Virtual size: 2KB

.Zqewq Size: 2KB - Virtual size: 2KB

.PrafLTM Size: 2KB - Virtual size: 1KB

.rsrc Size: 10KB - Virtual size: 10KB

.uKPN
Size: 1024B - Virtual size: 27KB

.text
Size: 17KB - Virtual size: 17KB

.VOLNPzS
Size: 3KB - Virtual size: 2KB

.SXSYq
Size: 1024B - Virtual size: 630B

.ylkMwo
Size: 2KB - Virtual size: 2KB

.mIET
Size: 2KB - Virtual size: 2KB

.cyHiKL
Size: 1024B - Virtual size: 824B

.vkPI
Size: 512B - Virtual size: 248B

.data
Size: 7KB - Virtual size: 193KB

.XrsTSt
Size: 2KB - Virtual size: 2KB

.rdata
Size: 208KB - Virtual size: 207KB

.ZGPFMhQ
Size: 1KB - Virtual size: 1KB

.nCxL
Size: 2KB - Virtual size: 2KB

.Zqewq
Size: 2KB - Virtual size: 2KB

.PrafLTM
Size: 2KB - Virtual size: 1KB

.rsrc
Size: 10KB - Virtual size: 10KB