2ee3f012a04adec69d05e9acb038db10_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

2ee3f012a04adec69d05e9acb038db10_JaffaCakes118
Size

108KB
MD5

2ee3f012a04adec69d05e9acb038db10
SHA1

9aec31515df7693fac5ee46c7649b310e7a0e8f6
SHA256

93a73360e5aba0bb8c2ab1ea91e6420ff4aa07a6c7f2e5e46be3cfc31599efb3
SHA512

005e77c215b7ea9e1c15049d6d7b19787be3500d94f88f016d33fae254d71609fba756432baff9962ab27f46a9105fc6ae6a687954740fffc796158cca029d77
SSDEEP

768:EBRjsIVsggXcpTtpZZ+wvQQBTn14SyfGF35EY:ETsICggXcpht/QYb143fGF3eY

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2ee3f012a04adec69d05e9acb038db10_JaffaCakes118

Files

2ee3f012a04adec69d05e9acb038db10_JaffaCakes118
.exe windows:4 windows x86 arch:x86

439b04b7a04ce61e2ede5ddb1e84189f

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

PDB Paths

nuktopwe.pdb

Imports

untfs

Chkdsk
Format
FormatEx
Extend

dbnmpntw

ConnectionError
ConnectionClose
ConnectionWrite

user32

IsZoomed
CharToOemA
SetFocus
SetCursorPos
DialogBoxParamW
PeekMessageA
DrawIcon
LoadImageW
PostMessageA
DispatchMessageA
GetWindowTextA
wsprintfA
CreateWindowExW
GetMessageA

crypt32

CertDuplicateCRLContext
CertFindCRLInStore
CertFindAttribute
CertCloseStore
CertAlgIdToOID
CertFindChainInStore
CertCompareCertificate
CertDuplicateStore
CertFreeCRLContext
CertSaveStore
CertCreateContext
CryptFindOIDInfo
CertCreateCRLContext
CertNameToStrA
CertControlStore
CertFindExtension

shlwapi

UrlGetLocationA
UrlCombineA
UrlHashA
UrlIsNoHistoryA
UrlCreateFromPathA
UrlCanonicalizeA
UrlUnescapeA
PathCompactPathA
PathCombineA
UrlEscapeA
PathCommonPrefixA

kernel32

GetCurrentThreadId
GetCurrentProcess
GetNumberFormatA
CreateMutexA
CompareStringA
CreateDirectoryA
GetTimeFormatA
GetConsoleAliasW
LoadLibraryA
WriteProcessMemory
GetProcessHeap
InterlockedExchange
GetFullPathNameA
HeapCreate
TlsGetValue
FormatMessageA
SystemTimeToFileTime
GetComputerNameA
SetEnvironmentVariableA
VirtualQuery
CreateEventA
SleepEx

wtsapi32

WTSEnumerateServersA
WTSVirtualChannelClose
WTSFreeMemory
WTSEnumerateSessionsA
WTSVirtualChannelQuery
WTSUnRegisterSessionNotification
WTSSetSessionInformationA
WTSOpenServerA
WTSVirtualChannelOpen
WTSEnumerateProcessesA
WTSSetUserConfigW
WTSVirtualChannelWrite
WTSCloseServer
WTSLogoffSession
WTSQueryUserToken
WTSWaitSystemEvent

Sections

.text
Size: 60KB - Virtual size: 59KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 24KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 20KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

439b04b7a04ce61e2ede5ddb1e84189f

Headers

File Characteristics

PDB Paths

Imports

untfs

dbnmpntw

user32

crypt32

shlwapi

kernel32

wtsapi32

Sections

.text Size: 60KB - Virtual size: 59KB

.data Size: 24KB - Virtual size: 20KB

.rsrc Size: 20KB - Virtual size: 17KB

.text
Size: 60KB - Virtual size: 59KB

.data
Size: 24KB - Virtual size: 20KB

.rsrc
Size: 20KB - Virtual size: 17KB