2e25c84d73d5cb6f79d5808f1b07269d_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

2e25c84d73d5cb6f79d5808f1b07269d_JaffaCakes118
Size

46KB
MD5

2e25c84d73d5cb6f79d5808f1b07269d
SHA1

8a3b3b603f9eedd8690cfb38201598a19902060c
SHA256

689a744e4f05e5728cb92208eefff4793e8ab561a2a291f83f3f9fb2c09a580c
SHA512

3266ae9d426cb5b71dbe696985b12b598e9f216707c88e5cce45b594913c508037b58c49daf464fccecd754f01b8f2bc6be938215a146a86f587738c9d276d5d
SSDEEP

768:L0XjRWaDE8uYdBeVnU0pWNetIygfp89kB63ciW/Xa5kPHNI0+vwGgXXb5:LdwESeVUKtIyIp89kB69kK5k7ewP

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2e25c84d73d5cb6f79d5808f1b07269d_JaffaCakes118

Files

2e25c84d73d5cb6f79d5808f1b07269d_JaffaCakes118
.exe windows:5 windows x86 arch:x86

e23e68ef7b127166c3b8057cfa001676

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

SetVolumeMountPointA
SetThreadContext
UnlockFileEx
PeekConsoleInputW
FindActCtxSectionStringA
BackupWrite
SetConsoleLocalEUDC
LocalAlloc
GlobalUnfix
IsValidLocale
lstrcmpi
SetDefaultCommConfigW
OpenJobObjectA
LoadLibraryA
InterlockedDecrement
GetSystemTimeAsFileTime
GetVolumeNameForVolumeMountPointW
DeleteTimerQueueTimer
FillConsoleOutputCharacterW
LoadLibraryExA
OpenConsoleW
DeleteFileA
GetFileTime
ReleaseMutex
GetTimeFormatW
MapUserPhysicalPages
GetFileAttributesA
GetEnvironmentStringsW

oleaut32

SafeArrayCreateVectorEx
VarBoolFromI1
CreateErrorInfo
BstrFromVector
OleLoadPictureEx
VarInt
BSTR_UserSize
VarDecNeg
VariantTimeToDosDateTime
VarCyFromUI2
VarI4FromR4
VarBstrCat
OleCreatePictureIndirect
VarI2FromDisp

ifsutil

?AddDriveName@MOUNT_POINT_MAP@@QAEEPAVWSTRING@@0@Z
?GetDrive@SECRUN@@QAEPAVIO_DP_DRIVE@@XZ
?Sort@TLINK@@QAEXXZ
?QueryCanonicalNtDriveName@IFS_SYSTEM@@SGEPBVWSTRING@@PAV2@@Z
??0SUPERAREA@@IAE@XZ
?ForceAutochk@VOL_LIODPDRV@@QAEEEKKGPBVWSTRING@@@Z
?AddVolumeName@MOUNT_POINT_MAP@@QAEEPAVWSTRING@@0@Z
?QueryDisjointRangeAndAssignBuffer@TLINK@@QAEPAXPAVBIG_INT@@PAG1PAXK2@Z
?Look@INTSTACK@@QBE?AVBIG_INT@@K@Z
??0DIGRAPH_EDGE@@QAE@XZ
?QueryNtfsTime@IFS_SYSTEM@@SGXPAT_LARGE_INTEGER@@@Z
??0SECRUN@@QAE@XZ
?QuerySize@TLINK@@QBEGXZ
?Read@IO_DP_DRIVE@@QAEEVBIG_INT@@KPAX@Z
??0MOUNT_POINT_TUPLE@@QAE@XZ
??1NUMBER_SET@@UAE@XZ
?AddNext@NUMBER_SET@@QAEEVBIG_INT@@@Z
?Remove@NUMBER_SET@@QAEEVBIG_INT@@0@Z
?QueryFileSystemName@IFS_SYSTEM@@SGEPBVWSTRING@@PAV2@PAJ1@Z

Sections

.text
Size: 33KB - Virtual size: 33KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 488B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 7KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

e23e68ef7b127166c3b8057cfa001676

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

oleaut32

ifsutil

Sections

.text Size: 33KB - Virtual size: 33KB

.rdata Size: 3KB - Virtual size: 3KB

.data Size: 512B - Virtual size: 488B

.rsrc Size: 7KB - Virtual size: 7KB

.text
Size: 33KB - Virtual size: 33KB

.rdata
Size: 3KB - Virtual size: 3KB

.data
Size: 512B - Virtual size: 488B

.rsrc
Size: 7KB - Virtual size: 7KB