29819223248b104535385367fced9378_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

29819223248b104535385367fced9378_JaffaCakes118
Size

573KB
MD5

29819223248b104535385367fced9378
SHA1

39640229a19380cd9450923dca08bd7f30390b6d
SHA256

a814667d8b3aa725d6d8afeae04d437098d75c731c4ed24a915d71263c3ab6ae
SHA512

70857fb8bf8208b977f1e9d57e1714b42f9c4b023eadafc3a5b6b128fa65bebb777ef578e542df3442a5df9e136cf7c33ffe7f615b9fe2231b0dc535f8b416cb
SSDEEP

12288:bNd9D2vfMQRLb7YezUuraurDdosw+ejVuQ/T+u0a:bNnDmfMsPYKnZdoZVoQd0

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
29819223248b104535385367fced9378_JaffaCakes118

Files

29819223248b104535385367fced9378_JaffaCakes118
.exe windows:5 windows x86 arch:x86

c8f9c834de33c15b5df418af5b8a7cd6

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

crtdll

wscanf
wcsrchr
sin
localtime
isalnum
fputc
_rmtmp
_ismbblead
_finite
_fileno
_exit
_c_exit

version

VerQueryValueW
GetFileVersionInfoSizeA
GetFileVersionInfoA

rpcrt4

double_from_ndr
RpcSmClientFree
RpcServerTestCancel
RpcMgmtStatsVectorFree
RpcMgmtSetComTimeout
RpcMgmtEpEltInqDone
RpcBindingSetAuthInfoExA
MesInqProcEncodingId
DceErrorInqTextA

ntdll

ZwOpenIoCompletion
ZwDeleteAtom
RtlSetTimer
RtlSetAttributesSecurityDescriptor
RtlPrefixString
RtlNtStatusToDosError
NtSetLowWaitHighEventPair
NtLoadKey2
NtEnumerateValueKey
NtAllocateUuids
CsrFreeCaptureBuffer
RtlAddAuditAccessAce

kernel32

SetCommState
CompareFileTime
ExitProcess
FindFirstChangeNotificationW
FindFirstFileExW
FindNextChangeNotification
GetACP
GetCPInfoExW
GetCommandLineA
GetDriveTypeW
GetTapeParameters
GlobalMemoryStatus
HeapAlloc
lstrcpyA
WaitForMultipleObjectsEx
VirtualFree
VirtualAlloc
VerLanguageNameW
VerLanguageNameA
TlsSetValue
SetWaitableTimer
SetUnhandledExceptionFilter
SetThreadPriorityBoost
SetThreadLocale
SetThreadAffinityMask
SetLastError
OpenSemaphoreW
OpenMutexW
MultiByteToWideChar
LocalAlloc
LeaveCriticalSection
BeginUpdateResourceW

userenv

UnregisterGPNotification
RegisterGPNotification
LeaveCriticalPolicySection
CreateEnvironmentBlock
DestroyEnvironmentBlock
EnterCriticalPolicySection
ExpandEnvironmentStringsForUserW
FreeGPOListW
GetAppliedGPOListW
GetProfilesDirectoryW

Exports

Exports

BdhoIbSqLpdf
PfgrvQwdvjqoxR
cIgykamESgxPrjxyw
dXqMambKZpufvCHxaf
eZnwozkyhksKvwlusn
lpdcWweRa
myttjfyGaljhK
ojfqdueryUL
qtwyorxLbeoce
rqyselaUzqzgts
vctCldjzoodmyusvz
wyfhwLMDaoeOuuuhmC

Sections

.text
Size: 36KB - Virtual size: 36KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 505KB - Virtual size: 507KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 31KB - Virtual size: 30KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

c8f9c834de33c15b5df418af5b8a7cd6

Headers

File Characteristics

Imports

crtdll

version

rpcrt4

ntdll

kernel32

userenv

Exports

Exports

Sections

.text Size: 36KB - Virtual size: 36KB

.data Size: 505KB - Virtual size: 507KB

.rsrc Size: 31KB - Virtual size: 30KB

.text
Size: 36KB - Virtual size: 36KB

.data
Size: 505KB - Virtual size: 507KB

.rsrc
Size: 31KB - Virtual size: 30KB