Static task
static1
Behavioral task
behavioral1
Sample
38ae8dd98585e6c227b832f79b5b45f3_JaffaCakes118.exe
Resource
win7-20240903-en
Behavioral task
behavioral2
Sample
38ae8dd98585e6c227b832f79b5b45f3_JaffaCakes118.exe
Resource
win10v2004-20241007-en
General
Target
38ae8dd98585e6c227b832f79b5b45f3_JaffaCakes118
Size
324KB
MD5
38ae8dd98585e6c227b832f79b5b45f3
SHA1
eb53903b683af85bc8e531d8d9ca2c4a73b3f8fc
SHA256
662d277a3a58e2aafc0be805bd758d0befb7b2e2e4fda14479a067ab91d724d9
SHA512
a587d137660b9ed09ec7e9e466490c15b5dc8ad952647fb3f40ea34c89e97899093c21d799a7bedd1e5e9a9176453e865860f5c0f8f817efdfc2b81220f33882
SSDEEP
6144:IdxQeSK9vZy1Y3ipb2Lz2Qnum7wB4EAv62mxNa6G0Sj5phFjuROHEkxIVi4:exQgbyWy0+Qum7wB4Ebyv0EfhBuRB/
Malware Config
Signatures
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource 38ae8dd98585e6c227b832f79b5b45f3_JaffaCakes118
Files
38ae8dd98585e6c227b832f79b5b45f3_JaffaCakes118.exe windows:5 windows x86 arch:x86
b65b04b57641175e4fc4208b053e24af
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
userenv
RsopSetPolicySettingStatus
ntdll
wcslen
strlen
RtlInitUnicodeStringEx
_chkstk
RtlIsNameLegalDOS8Dot3
NtAllocateVirtualMemory
RtlUnicodeToMultiByteSize
RtlUnwind
RtlUnicodeStringToAnsiString
RtlAnsiStringToUnicodeString
_vsnwprintf
memmove
rpcrt4
RpcBindingFree
RpcBindingSetAuthInfoExW
RpcStringBindingComposeW
RpcEpResolveBinding
I_RpcExceptionFilter
NdrClientCall2
RpcBindingFromStringBindingW
RpcStringFreeW
mswsock
AcceptEx
GetAcceptExSockaddrs
dnsapi
DnsReplaceRecordSetW
kernel32
GetVersionExA
GlobalReAlloc
InterlockedExchange
CreateEventW
SetErrorMode
FindResourceA
GlobalAlloc
GlobalLock
ResetEvent
LoadLibraryW
EnterCriticalSection
FreeLibraryAndExitThread
CreateFileW
DelayLoadFailureHook
GetSystemTimeAsFileTime
QueryPerformanceCounter
FreeResource
FindNextFileW
GetCurrentProcessId
LocalAlloc
FindFirstFileW
WaitForSingleObject
lstrcmpiW
lstrcpyW
FindResourceExW
GetCurrentDirectoryW
GetDriveTypeW
GetModuleHandleA
GlobalUnlock
DeleteFileW
GetUserDefaultLCID
LeaveCriticalSection
UnhandledExceptionFilter
LocalFree
GetProcessVersion
TlsSetValue
lstrcmpW
TlsAlloc
TlsGetValue
GetVolumeInformationW
TlsFree
GetCurrentProcess
GetModuleHandleW
lstrlenA
LocalSize
FindResourceW
SetLastError
GetFileAttributesW
FindClose
SetEvent
LockResource
GetFullPathNameW
GetProfileStringW
CreateThread
DisableThreadLibraryCalls
CloseHandle
LocalReAlloc
WideCharToMultiByte
InterlockedIncrement
GetLastError
GetCurrentThreadId
GetSystemDefaultUILanguage
LoadResource
GetACP
GetTickCount
MulDiv
lstrlenW
GetProcAddress
GlobalFree
lstrcpynW
LoadLibraryA
DeleteCriticalSection
SetUnhandledExceptionFilter
FormatMessageW
GetShortPathNameW
lstrcpyA
ExpandEnvironmentStringsW
InitializeCriticalSectionAndSpinCount
InterlockedCompareExchange
SizeofResource
GetLocaleInfoW
SetCurrentDirectoryW
TerminateProcess
MultiByteToWideChar
FreeLibrary
GetTempFileNameW
InterlockedDecrement
GetModuleFileNameW
Sections
.text Size: 13KB - Virtual size: 13KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.data Size: 230KB - Virtual size: 1.4MB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rdata Size: 15KB - Virtual size: 15KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 64KB - Virtual size: 63KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.tls Size: 512B - Virtual size: 4KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE