2777ca7fd17a0a4c1ad85c7a9b8d0117_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

2777ca7fd17a0a4c1ad85c7a9b8d0117_JaffaCakes118
Size

36KB
MD5

2777ca7fd17a0a4c1ad85c7a9b8d0117
SHA1

60c277bde608c203ae5629564cbd8535355aec05
SHA256

adee5f7e808b773449c6c6cb5afc315b7344b6b60efa08480034e642711c92ac
SHA512

014b3b3afc77b6d6ae1c5284c4e437473636639b1691849814dcf28106bff2f3aacfd4c17b55655f55b03486da2926af228217e62b84cf0faefd2927591ec94e
SSDEEP

768:rQvpNfcJZ3702vNWF56mjFtW2WdHB7XTqi4d/taZzRQaCSlhHv7ax:rAyZr0aNkgdHB7XTqi7N2aCSLax

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2777ca7fd17a0a4c1ad85c7a9b8d0117_JaffaCakes118

Files

2777ca7fd17a0a4c1ad85c7a9b8d0117_JaffaCakes118
.exe windows:5 windows x86 arch:x86

1ae46b02535ce3fed01feb9f3b826f0c

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

user32

PeekMessageA
GetMenuState
GetProcessWindowStation
SetParent
DdeQueryNextServer
SetScrollInfo
IsDialogMessage
IsWinEventHookInstalled
UpdateWindow
SetDlgItemTextA
User32InitializeImmEntryTable
DrawFocusRect
GetScrollRange

ntdll

_lfind
RtlUnicodeToOemN
ZwQueryInformationAtom
ZwReadFile
NtRemoveProcessDebug
NtReadRequestData
RtlInitializeResource
NtDeleteAtom
strpbrk
RtlTraceDatabaseFind
NtRequestPort
NtImpersonateClientOfPort
RtlRealSuccessor
ZwQueryDirectoryObject
LdrGetProcedureAddress
RtlAreBitsClear
_CIlog
RtlQueryProcessDebugInformation

keymgr

PRShowSaveWizardExW
PRShowRestoreWizardExW
PRShowRestoreWizardW
KRShowKeyMgr
CPlApplet
PRShowSaveFromMsginaW
DllMain
PRShowRestoreFromMsginaW

kernel32

IsValidLocale
RtlCaptureContext
GetConsoleOutputCP
DeleteTimerQueueTimer
LoadLibraryA
GetSystemTimeAsFileTime
GetACP
DeleteFileA
IsSystemResumeAutomatic

shlwapi

PathSearchAndQualifyA
SHRegSetPathA
SHRegOpenUSKeyA
PathParseIconLocationA
SHRegQueryInfoUSKeyW
SHEnumValueW
UrlApplySchemeA
wvnsprintfA
wvnsprintfW
StrCSpnIA
AssocQueryStringByKeyA
PathIsUNCServerA
PathRemoveFileSpecA
SHRegGetPathW
PathFindFileNameA
PathRelativePathToA

msvcirt

??0stdiostream@@QAE@PAU_iobuf@@@Z
?write@ostream@@QAEAAV1@PBEH@Z
?seekg@istream@@QAEAAV1@JW4seek_dir@ios@@@Z
?clrlock@ios@@QAAXXZ
??4ofstream@@QAEAAV0@ABV0@@Z
??5istream@@QAEAAV0@AAN@Z
??_Eostrstream@@UAEPAXI@Z
??_8iostream@@7Bistream@@@
??0ostream@@QAE@PAVstreambuf@@@Z
??0iostream@@IAE@ABV0@@Z
?flush@@YAAAVostream@@AAV1@@Z
?gcount@istream@@QBEHXZ
??_Eostream@@UAEPAXI@Z
?setmode@ofstream@@QAEHH@Z

Sections

.text
Size: 28KB - Virtual size: 27KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

1ae46b02535ce3fed01feb9f3b826f0c

Headers

DLL Characteristics

File Characteristics

Imports

user32

ntdll

keymgr

kernel32

shlwapi

msvcirt

Sections

.text Size: 28KB - Virtual size: 27KB

.rdata Size: 3KB - Virtual size: 3KB

.data Size: 2KB - Virtual size: 1KB

.rsrc Size: 1KB - Virtual size: 1KB

.text
Size: 28KB - Virtual size: 27KB

.rdata
Size: 3KB - Virtual size: 3KB

.data
Size: 2KB - Virtual size: 1KB

.rsrc
Size: 1KB - Virtual size: 1KB