27aba1de254e920240d6b6c833d37763_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

27aba1de254e920240d6b6c833d37763_JaffaCakes118
Size

629KB
MD5

27aba1de254e920240d6b6c833d37763
SHA1

d29ee921d51f17443f535230dfaf58dacaec76c5
SHA256

762f57c847fa1d433ecd46008bfacab7b993d91be8a0811bc0fb0b72a518b615
SHA512

209bc6914d56b23ad8a40e9e005719c6586afe1c0735b57993c5a8ef89d9ac715409f78403707f7e6b97e068a3436c140295962008488f40fe12f591caf95b75
SSDEEP

12288:Y/S1SXdglLVqEt0gKpb0UowDxuy8y4kkxFt/IW:x1kC54E01b0EDnEb5IW

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
27aba1de254e920240d6b6c833d37763_JaffaCakes118

Files

27aba1de254e920240d6b6c833d37763_JaffaCakes118
.exe windows:4 windows x86 arch:x86

c8684aa398417f63dc5fb0af20b24c2d

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetNumberFormatW
GetLocalTime
RegisterWowBaseHandlers
FreeResource
DeleteVolumeMountPointA
GetDiskFreeSpaceExA
GetSystemTime
lstrcatA
BuildCommDCBAndTimeoutsW
GetModuleHandleA
ExpungeConsoleCommandHistoryW
LocalAlloc
FreeLibrary
FindFirstVolumeW
HeapReAlloc
IsValidLocale
InitAtomTable
LoadLibraryA
SetConsoleCursorPosition
GetProcAddress
VirtualAlloc
GetVersion
FileTimeToDosDateTime
GetHandleInformation

advapi32

SetEntriesInAccessListW
QueryServiceStatus
RegLoadKeyW
RegQueryValueA
RegOpenKeyExA
CryptEnumProvidersA

shell32

StrCmpNIA

shlwapi

UrlCombineW
UrlIsNoHistoryW
PathIsUNCServerShareA
SHQueryInfoKeyW
SHRegQueryUSValueA
StrNCatW
StrPBrkW
SHGetValueA
PathRelativePathToW
PathFindNextComponentW
UrlCreateFromPathW
StrSpnA

winspool.drv

AbortPrinter
DeletePrinterConnectionW
ResetPrinterA
ord209
ord204
ConvertAnsiDevModeToUnicodeDevmode
EnumPrintProcessorsW
DocumentPropertySheets
EnumPrintProcessorDatatypesW
AddPrinterConnectionA
ord213
FindFirstPrinterChangeNotification
EnumPrinterDriversA
DevicePropertySheets
DevQueryPrintEx
DocumentPropertiesA
StartDocPrinterA
EnumJobsA
OpenPrinterA
EnumPrinterDataA
ord256
SetPrinterDataW
StartDocPrinterW
QueryColorProfile

msvcrt

sqrt
_rmtmp
fwrite
fread
fclose
fputc
_mbsnextc
fopen
__p__wenviron
wcsrchr
__p__pwctype
_mbspbrk
_kbhit
ferror
_mbsnbcat
feof
sprintf
fwprintf
ftell
fsetpos
fprintf
_fileno
_flsbuf
_wcsnicoll
_unlink
memset
_rotr
fseek
fputs
_atoldbl
frexp
_Getdays
_mbsncmp
printf

Sections

.text
Size: 608KB - Virtual size: 606KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

c8684aa398417f63dc5fb0af20b24c2d

Headers

File Characteristics

Imports

kernel32

advapi32

shell32

shlwapi

winspool.drv

msvcrt

Sections

.text Size: 608KB - Virtual size: 606KB

.rdata Size: 4KB - Virtual size: 2KB

.data Size: 12KB - Virtual size: 8KB

.text
Size: 608KB - Virtual size: 606KB

.rdata
Size: 4KB - Virtual size: 2KB

.data
Size: 12KB - Virtual size: 8KB