255d49f39b1b04f4eba890b043d524b0_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

255d49f39b1b04f4eba890b043d524b0_JaffaCakes118
Size

100KB
MD5

255d49f39b1b04f4eba890b043d524b0
SHA1

2d97f139f705590c4de71df08fc260b2d1983c24
SHA256

22bbd7ac81a236353a7ed13e177251ea84431065ae12b4edb22be81c8b8d1f2b
SHA512

3d1de542b3f34cadce4c5839ccd770da5f2c5076ce2edfa061361d1ca4e2c09240529ceaed194e617da30bab10b454aa59f6c9b0770b16c02310fd4d49f78450
SSDEEP

384:ZfoTgyXHsbLxpZbfZKfJoLP/QZ6CVziGbSrtMbjmeQW+YA:QbALPKhkP/OvV+W+tMbjoz

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
255d49f39b1b04f4eba890b043d524b0_JaffaCakes118

Files

255d49f39b1b04f4eba890b043d524b0_JaffaCakes118
.exe windows:4 windows x86 arch:x86

39be525feecb005ad3440c7707824ce4

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

PDB Paths

monkapew.pdb

Imports

wtsapi32

WTSQueryUserToken
WTSFreeMemory
WTSEnumerateSessionsA
WTSRegisterSessionNotification
WTSVirtualChannelClose
WTSLogoffSession
WTSVirtualChannelQuery
WTSSendMessageA
WTSUnRegisterSessionNotification
WTSVirtualChannelOpen
WTSSetUserConfigW
WTSCloseServer
WTSQuerySessionInformationA
WTSOpenServerA
WTSEnumerateServersA

untfs

Recover
Format
FormatEx
Extend

shlwapi

UrlIsNoHistoryA
UrlCombineA
UrlCompareA
UrlIsOpaqueA
PathCombineA
UrlGetLocationA
UrlUnescapeA
UrlHashA
UrlCanonicalizeA
UrlIsA
UrlGetPartA
UrlEscapeA
PathCommonPrefixA
UrlCreateFromPathA

dbnmpntw

ConnectionVer
ConnectionWrite
ConnectionClose
ConnectionError
ConnectionRead

kernel32

GetCurrentThreadId
CreateDirectoryA
CompareStringW
CreateMutexA
TlsGetValue
CreateSemaphoreW
IsValidLocale
FoldStringW
HeapCreate
GetCurrentDirectoryA
WriteProcessMemory
GetDateFormatW
CreateNamedPipeW
GetConsoleAliasW
GetProcessHeap
GetTimeFormatA
GetNumberFormatA
LoadLibraryA
GetSystemInfo
SetEnvironmentVariableA
ExpandEnvironmentStringsA
GetEnvironmentVariableA
SleepEx
GetPrivateProfileIntA
GetTickCount
GetDiskFreeSpaceA
GetAtomNameA
CloseHandle
FormatMessageA
WriteFile
GetComputerNameA
CopyFileA
InterlockedExchange
CreateEventA

user32

DrawIcon
IsWindow
CreateWindowExW
GetCaretPos
CharToOemA
SetCursorPos
SetFocus
GetMessageA
LoadImageW
wsprintfA
DialogBoxParamW

authz

AuthzFreeResourceManager
AuthzFreeContext

Sections

.text
Size: 64KB - Virtual size: 61KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 20KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

39be525feecb005ad3440c7707824ce4

Headers

File Characteristics

PDB Paths

Imports

wtsapi32

untfs

shlwapi

dbnmpntw

kernel32

user32

authz

Sections

.text Size: 64KB - Virtual size: 61KB

.data Size: 12KB - Virtual size: 8KB

.rsrc Size: 20KB - Virtual size: 17KB

.text
Size: 64KB - Virtual size: 61KB

.data
Size: 12KB - Virtual size: 8KB

.rsrc
Size: 20KB - Virtual size: 17KB