16ffaa04860ea12e47012575150c6d90_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

16ffaa04860ea12e47012575150c6d90_JaffaCakes118
Size

806KB
MD5

16ffaa04860ea12e47012575150c6d90
SHA1

103c7725d1841c68c12d3355cad54c7bb1420697
SHA256

050626a54d44d1d80e6f362eab05de35e009daeda2f933003d444554bf26c5e3
SHA512

7d8a6567c65a4fa911ed33c80a742805dd875a919eb2b0970220fcd37dd49e0c62d65b1bd4a664e81c807641161d4c6bf89c8948c3e2159d269148810648991d
SSDEEP

12288:v08kXLWO+rYvPFWe7zO+8z3DNy1dLXFmQrBz0ppqbaryTikI5DW:fkXL3qYvPYeGxHM1jZrBCpq4

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
16ffaa04860ea12e47012575150c6d90_JaffaCakes118

Files

16ffaa04860ea12e47012575150c6d90_JaffaCakes118
.exe windows:4 windows x86 arch:x86

b8d32952835d2de853de14db569c0507

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED

Imports

kernel32

GetCurrentThread
VirtualQuery
PulseEvent
GlobalHandle
SetCommTimeouts
TlsFree
GetTempFileNameW
HeapReAlloc
QueryPerformanceCounter
SetConsoleCtrlHandler
SetEnvironmentVariableA
VirtualAlloc
GetTempPathA
GetCommandLineA
_lclose

crypt32

RegQueryInfoKeyU

user32

GetAncestor
DrawTextExW
SendMessageTimeoutW
RegisterClassExW
GetDCEx
DefMDIChildProcA
WindowFromPoint
GetClassInfoExA
ValidateRgn
ShowCaret
DestroyIcon
GetMessageW
ChildWindowFromPoint
DdeSetUserHandle
DrawMenuBar
TranslateAcceleratorW
CheckRadioButton
CopyAcceleratorTableA
UnregisterClassA
CreateDialogIndirectParamA
GetMenuItemInfoA
SetWindowTextW
GetUserObjectInformationA
VkKeyScanA
wvsprintfW

msvcrt

fgetpos
towupper
localeconv
iswalnum
_mktemp
fgetwc
wcsncmp
_initterm
ceil
_getdrives
__badioinfo
_CIsqrt
swscanf
iscntrl
wcstombs
pow
_clearfp
_wsetlocale
_callnewh
isprint
_ismbcdigit
swprintf
_controlfp
_mbsnicmp
_mbsinc
iswspace
_waccess
_wfopen

gdi32

GetPaletteEntries
GetViewportOrgEx
SetPixelV
EngTextOut
TranslateCharsetInfo
GetBitmapDimensionEx
GetGraphicsMode
CreatePenIndirect
BRUSHOBJ_ulGetBrushColor
EndPath
CreateBitmapIndirect
GetClipRgn
GetSystemPaletteEntries
GetCharWidth32W
EngUnlockSurface
BeginPath
GdiEntry10
EngAssociateSurface
BRUSHOBJ_pvGetRbrush
EngFreeModule
GetCharacterPlacementA
CombineTransform
SetTextAlign
SetPolyFillMode
GdiStartDocEMF
CopyMetaFileW
GetTextCharset
CreateFontIndirectW
SetMetaFileBitsEx

oleaut32

SafeArrayGetLBound
SysReAllocStringLen
SysAllocStringLen
SysFreeString
VariantInit
GetActiveObject
SafeArrayCreate
VariantClear
GetErrorInfo
SafeArrayPtrOfIndex
VariantChangeType
VariantCopy
VariantChangeTypeEx
SysStringLen
SafeArrayGetUBound
SysAllocStringByteLen
VariantCopyInd

ntdsapi

DsMakePasswordCredentialsW
DsFreePasswordCredentials
DsBindWithCredW
DsBindW
DsFreeSchemaGuidMapW
DsMapSchemaGuidsW
DsGetDomainControllerInfoW
DsFreeNameResultW
DsCrackSpnW
DsUnBindW
DsMakeSpnW
DsCrackNamesW
DsFreeDomainControllerInfoW
DsQuoteRdnValueW

winspool.drv

DeletePrinterDataW
EnumPrinterDriversW
AddPrinterDriverExW
FindNextPrinterChangeNotification
EnumMonitorsW
GetPrinterA
AddFormW
GetPrinterDataA
EnumJobsW
DocumentPropertiesA
EnumPrinterDataW
SetPrinterDataW
AddPrinterDriverW
EndPagePrinter
EnumFormsA
GetPrintProcessorDirectoryA
EnumPortsW
DeleteMonitorW

Sections

CODE
Size: 25KB - Virtual size: 375KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 619KB - Virtual size: 970KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 160KB - Virtual size: 159KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 118B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

b8d32952835d2de853de14db569c0507

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

crypt32

user32

msvcrt

gdi32

oleaut32

ntdsapi

winspool.drv

Sections

CODE Size: 25KB - Virtual size: 375KB

.data Size: 619KB - Virtual size: 970KB

.rsrc Size: 160KB - Virtual size: 159KB

.reloc Size: 1024B - Virtual size: 118B

CODE
Size: 25KB - Virtual size: 375KB

.data
Size: 619KB - Virtual size: 970KB

.rsrc
Size: 160KB - Virtual size: 159KB

.reloc
Size: 1024B - Virtual size: 118B