39e0296bdb898eec3c879834e54c9579_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

39e0296bdb898eec3c879834e54c9579_JaffaCakes118
Size

325KB
MD5

39e0296bdb898eec3c879834e54c9579
SHA1

9a7dfc35083135ae8973003eb9f88ab157aa6b1f
SHA256

0ddabc43109eba2f8463866c7eddce40f81e270669a5759aff1547c630de8c20
SHA512

699a14ca31648d7a4f6e7b3e46066b9ecb8c86b7c74a51a4f3f407aa02009def92beba6f4eb6fce99b17941cce16944b064d63148eba530f3b34e5adfd6ee58f
SSDEEP

6144:MfNExU1ub0ufHsLwlYjP5MgmHCzcfBlOqFgtfLU:wNExOubZsLwMhMg2CwDA

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
39e0296bdb898eec3c879834e54c9579_JaffaCakes118

Files

39e0296bdb898eec3c879834e54c9579_JaffaCakes118
.exe windows:5 windows x86 arch:x86

54f3c0c523b8cb778c46edac4b404da9

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetModuleFileNameW
GlobalLock
LoadResource
CreateFileW
SetEvent
ResetEvent
FindClose
GetDriveTypeW
InterlockedCompareExchange
FreeLibraryAndExitThread
SetErrorMode
TerminateProcess
FindResourceA
lstrcmpW
GetACP
UnhandledExceptionFilter
TlsAlloc
GetVolumeInformationW
GetVersionExA
GlobalFree
FindNextFileW
DeleteCriticalSection
SizeofResource
WideCharToMultiByte
FindResourceW
MulDiv
GetLocaleInfoW
GetSystemDefaultUILanguage
GetCurrentProcessId
GetCurrentProcess
ExpandEnvironmentStringsW
lstrlenW
TlsSetValue
QueryPerformanceCounter
lstrlenA
FindFirstFileW
InterlockedIncrement
SetLastError
GetProcessVersion
SetUnhandledExceptionFilter
InitializeCriticalSectionAndSpinCount
GetShortPathNameW
GetModuleHandleW
GetCurrentThreadId
TlsFree
GetFullPathNameW
lstrcpyW
LocalAlloc
GlobalAlloc
DisableThreadLibraryCalls
LocalReAlloc
CreateThread
DelayLoadFailureHook
EnterCriticalSection
WaitForSingleObject
LoadLibraryW
GlobalReAlloc
GetProcAddress
InterlockedExchange
MultiByteToWideChar
TlsGetValue
DeleteFileW
InterlockedDecrement
LocalFree
GetSystemTimeAsFileTime
lstrcpyA
LoadLibraryA
GetFileAttributesW
GlobalUnlock
GetTempFileNameW
SetCurrentDirectoryW
FindResourceExW
FreeResource
CreateEventW
LeaveCriticalSection
GetCurrentDirectoryW
FormatMessageW
GetLastError
GetUserDefaultLCID
LocalSize
GetProfileStringW
FreeLibrary
lstrcpynW
LockResource
CloseHandle
GetTickCount
GetModuleHandleA
lstrcmpiW

ntdll

RtlIsNameLegalDOS8Dot3
NtQueryVirtualMemory
wcslen
RtlUnwind
_vsnwprintf
RtlUnicodeStringToAnsiString
RtlInitUnicodeStringEx
RtlUnicodeToMultiByteSize
NtAllocateVirtualMemory
_chkstk
memmove
_wcsicmp

rpcrt4

RpcStringFreeW
NdrClientCall2
RpcBindingFromStringBindingW
RpcEpResolveBinding
RpcBindingFree
RpcBindingSetAuthInfoExW
I_RpcExceptionFilter
RpcStringBindingComposeW

dnsapi

DnsReplaceRecordSetW

gdi32

DeleteDC
SelectObject
CreateFontW
GetViewportExtEx
GetWindowExtEx
BitBlt
GetDeviceCaps
RealizePalette
SetWindowExtEx
GetCharWidth32W

comctl32

FlatSB_GetScrollRange

mswsock

GetAcceptExSockaddrs
AcceptEx

Sections

.text
Size: 7KB - Virtual size: 7KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 1.4MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 196KB - Virtual size: 196KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 116KB - Virtual size: 115KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.tls
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

54f3c0c523b8cb778c46edac4b404da9

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

ntdll

rpcrt4

dnsapi

gdi32

comctl32

mswsock

Sections

.text Size: 7KB - Virtual size: 7KB

.data Size: 3KB - Virtual size: 1.4MB

.rdata Size: 196KB - Virtual size: 196KB

.rsrc Size: 116KB - Virtual size: 115KB

.tls Size: 512B - Virtual size: 4KB

.text
Size: 7KB - Virtual size: 7KB

.data
Size: 3KB - Virtual size: 1.4MB

.rdata
Size: 196KB - Virtual size: 196KB

.rsrc
Size: 116KB - Virtual size: 115KB

.tls
Size: 512B - Virtual size: 4KB