2b41b79e5d109104de74263afd86e47f_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

2b41b79e5d109104de74263afd86e47f_JaffaCakes118
Size

325KB
MD5

2b41b79e5d109104de74263afd86e47f
SHA1

2df2a15a40b9cb9620d7dc6899537b0f20059409
SHA256

e4cebd82e785b416e497ce253325e18a126776e63e46dbb3dc54bb79010bf6cb
SHA512

32bb41d07ed1a6de9b78fc9a69edb7c2f0aa190cfcfe5e49644edfc575c39eb9bc4af0343d725694683bf8987a18e1abeeeb95226d698569a0dfb661ca89e461
SSDEEP

6144:wN/9gLg8g0FmK5qs/nR1DT9KJSZqlJqI+uL15bBBHlOtZPl0HnMW0bCb:O/9gbg0F75qcr0JZlMFu7nFOPl0HMdm

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2b41b79e5d109104de74263afd86e47f_JaffaCakes118

Files

2b41b79e5d109104de74263afd86e47f_JaffaCakes118
.exe windows:5 windows x86 arch:x86

dab37e37698ccfbf2ff1948f77e60ab4

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

ntdll

RtlUnicodeToMultiByteSize
NtAllocateVirtualMemory
NtQueryVirtualMemory
RtlUnwind
RtlUnicodeStringToAnsiString
RtlInitUnicodeStringEx
_wcsicmp
memmove
_vsnwprintf
wcslen
RtlIsNameLegalDOS8Dot3
_chkstk

dnsapi

DnsReplaceRecordSetW

gdi32

SelectObject
SetBkMode
GetTextMetricsW
GetObjectW
DeleteObject
ExcludeClipRect
EnumFontFamiliesExW
GetCharWidth32W
SelectClipRgn
LineTo

rpcrt4

RpcStringBindingComposeW
RpcBindingFree
NdrClientCall2
I_RpcExceptionFilter
RpcBindingSetAuthInfoExW
RpcEpResolveBinding
RpcBindingFromStringBindingW
RpcStringFreeW

mswsock

AcceptEx
GetAcceptExSockaddrs

kernel32

TerminateProcess
CreateEventW
GlobalFree
lstrcpyA
TlsAlloc
FindResourceExW
GetDriveTypeW
GetTickCount
lstrcmpiW
GetCurrentDirectoryW
SetEvent
FindNextFileW
LocalSize
FreeLibraryAndExitThread
DelayLoadFailureHook
GetProfileStringW
lstrlenA
GetLastError
SizeofResource
DisableThreadLibraryCalls
CreateThread
GetFileAttributesW
GetModuleHandleW
LockResource
GetModuleHandleA
FreeResource
LoadResource
FormatMessageW
SetUnhandledExceptionFilter
TlsSetValue
GetProcAddress
LocalReAlloc
ResetEvent
DeleteFileW
SetLastError
lstrcpyW
GetCurrentThreadId
FindClose
GetCurrentProcess
CloseHandle
QueryPerformanceCounter
lstrlenW
GlobalReAlloc
LocalFree
GetUserDefaultLCID
GetLocaleInfoW
WaitForSingleObject
MulDiv
FreeLibrary
GetModuleFileNameW
MultiByteToWideChar
ExpandEnvironmentStringsW
LocalAlloc
TlsFree
LoadLibraryW
GetCurrentProcessId
SetCurrentDirectoryW
GetTempFileNameW
SetErrorMode
InterlockedExchange
InterlockedIncrement
lstrcmpW
GlobalUnlock
FindResourceA
InterlockedDecrement
GetSystemTimeAsFileTime
GetShortPathNameW
GetVolumeInformationW
EnterCriticalSection
InitializeCriticalSectionAndSpinCount
FindFirstFileW
GetSystemDefaultUILanguage
InterlockedCompareExchange
GetProcessVersion
DeleteCriticalSection
LeaveCriticalSection
CreateFileW
WideCharToMultiByte
GetFullPathNameW
lstrcpynW
GlobalLock
FindResourceW
GetACP
GetVersionExA
UnhandledExceptionFilter
TlsGetValue
LoadLibraryA
GlobalAlloc

userenv

RsopFileAccessCheck

Sections

.text
Size: 7KB - Virtual size: 7KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 1.4MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 196KB - Virtual size: 196KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 116KB - Virtual size: 115KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.tls
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

dab37e37698ccfbf2ff1948f77e60ab4

Headers

DLL Characteristics

File Characteristics

Imports

ntdll

dnsapi

gdi32

rpcrt4

mswsock

kernel32

userenv

Sections

.text Size: 7KB - Virtual size: 7KB

.data Size: 3KB - Virtual size: 1.4MB

.rdata Size: 196KB - Virtual size: 196KB

.rsrc Size: 116KB - Virtual size: 115KB

.tls Size: 512B - Virtual size: 4KB

.text
Size: 7KB - Virtual size: 7KB

.data
Size: 3KB - Virtual size: 1.4MB

.rdata
Size: 196KB - Virtual size: 196KB

.rsrc
Size: 116KB - Virtual size: 115KB

.tls
Size: 512B - Virtual size: 4KB