3076a1a574dfcff033177a4042ed49e9_JaffaCakes118

General

Target

3076a1a574dfcff033177a4042ed49e9_JaffaCakes118
Size

57KB
MD5

3076a1a574dfcff033177a4042ed49e9
SHA1

35c0d6687598c8c995b3b01b3af28738619a3267
SHA256

02375243d1fede480919bffc8ae1f722073d3613f8618a6811e3ac6162472dab
SHA512

5a67eb7b13cbfd29bddb06915eeace3839d2db21270a4b348d9e945f3298d82ec96aadbf700f0f2900d3ef8e19dc52f206597c5b22a95aca80cf8236b449db01
SSDEEP

768:frP9PKIX5EL3pJJcPoKt05zaekmuINKOGoQiQRM93Qm5m2AeYZ5pEuer+bVlN2bD:fN7GLZJCr3auIcoQpCL5mV5pq1DfQPU

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
3076a1a574dfcff033177a4042ed49e9_JaffaCakes118

Files

3076a1a574dfcff033177a4042ed49e9_JaffaCakes118
.exe windows:5 windows x86 arch:x86

79e4411f48e736c9c086432a28c1cefb

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

advapi32

ConvertStringSidToSidW
CreateServiceA
CryptGetHashParam
SetSecurityDescriptorGroup
LsaGetRemoteUserName
OpenSCManagerW
RegUnLoadKeyA
BuildSecurityDescriptorW
LsaRetrievePrivateData

kernel32

FillConsoleOutputAttribute
GetCommandLineA
GetModuleHandleA
FindNextVolumeMountPointW
IsBadStringPtrA
FindNextFileA
FlushConsoleInputBuffer
WriteConsoleA
GetLogicalDrives
WritePrivateProfileStructA
LocalReAlloc
GetStartupInfoA
SetConsoleTextAttribute
GlobalUnlock
VirtualProtect
FindFirstFileW
SetVDMCurrentDirectories

gdi32

GetCharacterPlacementA
UnrealizeObject
SetFontEnumeration
BRUSHOBJ_pvGetRbrush
EngCreateDeviceSurface

user32

DlgDirSelectExW
IsWindowEnabled
UnloadKeyboardLayout
SetWindowPlacement
CloseDesktop
GetClipboardFormatNameW
DdeQueryConvInfo
OemToCharBuffW

msvcrt

feof
_safe_fdiv
_strcmpi
strstr
fmod
_ismbcl0
_heapused
_controlfp
ungetwc
system

Sections

.text
Size: 50KB - Virtual size: 50KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 5KB - Virtual size: 40KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 928B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

79e4411f48e736c9c086432a28c1cefb

Headers

DLL Characteristics

File Characteristics

Imports

advapi32

kernel32

gdi32

user32

msvcrt

Sections

.text Size: 50KB - Virtual size: 50KB

.data Size: 5KB - Virtual size: 40KB

.rsrc Size: 1024B - Virtual size: 928B

.text
Size: 50KB - Virtual size: 50KB

.data
Size: 5KB - Virtual size: 40KB

.rsrc
Size: 1024B - Virtual size: 928B