27b4d684acdd5025f4f3cb8ebb5e6130_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

27b4d684acdd5025f4f3cb8ebb5e6130_JaffaCakes118
Size

131KB
MD5

27b4d684acdd5025f4f3cb8ebb5e6130
SHA1

54126a18f1cf9e7ea8f44cfae272aca0e409fe2e
SHA256

b2b09c61fa19c6f7699796d47ef36da67d9e86714b47bd44559ce30b2e05b71e
SHA512

ca4eb0f9cd62d5a84eced41b5712be9c6620f6cf7c0c4802805242bdecf37537576be51a3feed0907aafcbb05bf3737d20ebc4f12cf82279e1a01050dbab746a
SSDEEP

3072:0N2QC0yJkApH+mZ/TIziOWMrB1L/HkuVXM3BsEA3mfiw9dGOxrqt:mqcA44bg5r/L/HzXM3OEAaRGqrqt

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
27b4d684acdd5025f4f3cb8ebb5e6130_JaffaCakes118

Files

27b4d684acdd5025f4f3cb8ebb5e6130_JaffaCakes118
.exe windows:4 windows x86 arch:x86

c9c1404954ec9793918387ae1e125599

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

user32

CreateDialogParamA
WindowFromPoint
GetNextDlgGroupItem
ShowWindow
GetWindowThreadProcessId
EnumWindows
CreateWindowExA
AdjustWindowRectEx
SetParent
ShowWindowAsync
GetWindow
GetClipboardData

gdi32

AddFontResourceW
AngleArc
GdiFlush
BitBlt
GetBkColor
ExtEscape
CreateEllipticRgn
CreateSolidBrush
EqualRgn
GetBkMode

advapi32

AdjustTokenPrivileges
RegQueryValueA
RegNotifyChangeKeyValue
RegOpenKeyExA
RegUnLoadKeyA
NotifyChangeEventLog
OpenEventLogA
RegisterEventSourceW

kernel32

SetLastError
TlsGetValue
GetLastError
HeapDestroy
HeapCreate
VirtualFree
HeapFree
RtlUnwind
WriteFile
EnterCriticalSection
LeaveCriticalSection
GetStringTypeW
IsBadReadPtr
InitializeCriticalSection
ResetEvent
IsBadStringPtrA
CreateMutexA
ReleaseMutex
VirtualAlloc
GetStringTypeA
HeapReAlloc
VirtualQuery
CompareStringA
GetDateFormatA
ReleaseSemaphore
WritePrivateProfileStringA
GetProcAddress
GetEnvironmentVariableA
VirtualAllocEx
LCMapStringW
LCMapStringA
MultiByteToWideChar
LoadLibraryA
HeapAlloc
GetOEMCP
GetACP
GetCPInfo
TlsAlloc
TlsSetValue
GetCurrentThreadId
GetFileType
GetStdHandle
SetHandleCount
GetEnvironmentStringsW
GetEnvironmentStrings
GetModuleHandleA
GetStartupInfoA
GetCommandLineA
GetVersion
ExitProcess
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
GetModuleFileNameA
FreeEnvironmentStringsA
FreeEnvironmentStringsW
WideCharToMultiByte

winspool.drv

DeletePrinterDriverA
GetJobW
EnumPrintersW
AddPrintProcessorW
DeletePrinter
ConnectToPrinterDlg
SetJobA
EnumJobsA
AddPrinterA

netapi32

NetSetPrimaryComputerName
NetLocalGroupDelMembers
NetErrorLogClear
NetGetDCName
NetErrorLogRead
NetAuditWrite
NetConfigSet
Netbios

Sections

.text
Size: 29KB - Virtual size: 28KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 80KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.ejknn
Size: 332KB - Virtual size: 331KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

c9c1404954ec9793918387ae1e125599

Headers

File Characteristics

Imports

user32

gdi32

advapi32

kernel32

winspool.drv

netapi32

Sections

.text Size: 29KB - Virtual size: 28KB

.rdata Size: 4KB - Virtual size: 3KB

.data Size: 2KB - Virtual size: 80KB

.ejknn Size: 332KB - Virtual size: 331KB

.rsrc Size: 3KB - Virtual size: 3KB

.text
Size: 29KB - Virtual size: 28KB

.rdata
Size: 4KB - Virtual size: 3KB

.data
Size: 2KB - Virtual size: 80KB

.ejknn
Size: 332KB - Virtual size: 331KB

.rsrc
Size: 3KB - Virtual size: 3KB