170453e87d5347f29a21d2913a67e696_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

170453e87d5347f29a21d2913a67e696_JaffaCakes118
Size

367KB
MD5

170453e87d5347f29a21d2913a67e696
SHA1

6689110062857b36c7aaebdafe9109b95b7c7d86
SHA256

4a3a033076ddb0dbb7edc7a7441b0d5fe3c0fc975589e2cf44ee7f464ece7763
SHA512

499edc0668103d0f62d0b39d6541cbfb4f59f114ce73776719ac79295919ef1f24915c6191c9bccc166a88abb5fd7ae45663734b4f638dcd407bb6dc4a7aabd5
SSDEEP

6144:C4TPYuEnC2k30JJvzFqECDXuXoNv8drfEQCaTqFJQgfCkCIW0X2zbR6z6Y+DMC:v1G960zxd3XoRqfEQPWJVfQ0X2zG6YlC

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
170453e87d5347f29a21d2913a67e696_JaffaCakes118

Files

170453e87d5347f29a21d2913a67e696_JaffaCakes118
.exe windows:4 windows x86 arch:x86

5e9c760a537cc4d4249aed76908d7a76

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

user32

LoadCursorA
GetForegroundWindow
GetDialogBaseUnits
IsWindowVisible
SetWindowPos
GetTopWindow
SetSysColors
GetDlgItemTextA
CreateDialogIndirectParamA
ChildWindowFromPoint

gdi32

CloseEnhMetaFile
GetBkMode
EnumObjects
EndDoc
DeleteObject
CopyMetaFileW

advapi32

RegEnumKeyExA
RegQueryValueExA
RegOpenKeyExA
BackupEventLogW
ClearEventLogW
PrivilegeCheck
RegSetValueExA
OpenBackupEventLogW

kernel32

GetOEMCP
HeapAlloc
VirtualAlloc
HeapReAlloc
LoadLibraryA
MultiByteToWideChar
LCMapStringA
LCMapStringW
GetStringTypeA
GetStringTypeW
GlobalSize
VirtualProtectEx
OpenSemaphoreA
GlobalUnlock
GetDateFormatA
VirtualQuery
HeapFree
HeapSize
GetProcAddress
SetHandleInformation
VirtualAllocEx
GetACP
GetCPInfo
LeaveCriticalSection
EnterCriticalSection
InitializeCriticalSection
WriteFile
RtlUnwind
HeapCreate
HeapDestroy
GetLastError
TlsGetValue
SetLastError
TlsAlloc
GetModuleHandleA
GetStartupInfoA
GetCommandLineA
GetVersion
ExitProcess
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
GetModuleFileNameA
FreeEnvironmentStringsA
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStrings
GetEnvironmentStringsW
SetHandleCount
GetStdHandle
GetFileType
GetCurrentThreadId
TlsSetValue
VirtualFree

winspool.drv

AddPrintProcessorA
GetPrinterW
DeletePrinterDriverW
EnumPrintProcessorsA
DeletePrinterConnectionW
GetPrinterA
DeletePrinterDriverA

netapi32

NetUseAdd
NetConfigGet
NetFileClose
NetGetAnyDCName
NetAuditWrite
NetErrorLogClear
NetGetJoinInformation

Sections

.text
Size: 29KB - Virtual size: 28KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 80KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.bav
Size: 332KB - Virtual size: 331KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

5e9c760a537cc4d4249aed76908d7a76

Headers

File Characteristics

Imports

user32

gdi32

advapi32

kernel32

winspool.drv

netapi32

Sections

.text Size: 29KB - Virtual size: 28KB

.rdata Size: 3KB - Virtual size: 3KB

.data Size: 2KB - Virtual size: 80KB

.bav Size: 332KB - Virtual size: 331KB

.rsrc Size: 3KB - Virtual size: 3KB

.text
Size: 29KB - Virtual size: 28KB

.rdata
Size: 3KB - Virtual size: 3KB

.data
Size: 2KB - Virtual size: 80KB

.bav
Size: 332KB - Virtual size: 331KB

.rsrc
Size: 3KB - Virtual size: 3KB