39c0e005cd2892a7b315081f9db6dc37_JaffaCakes118

General

Target

39c0e005cd2892a7b315081f9db6dc37_JaffaCakes118
Size

742KB
MD5

39c0e005cd2892a7b315081f9db6dc37
SHA1

e9c2dda548ca0f53939d8bbf9228a92977964341
SHA256

9005436ea8f7c0dede260d1b249540c94a02431afe4d26956b4199705577ea62
SHA512

e5b258b62685152ba0387a280a27957c6cd78848d31a7cd65089c0c8dbd0d59d65089f702fe0dd8e759a27c2974219f9c170ba67c6457a4725a8b09dc69ce77e
SSDEEP

12288:T2359uMww1bLO6ejFn8KL8XdChu/FiMZgi7hLEsOYt4ZmwjHCmac95RDOqruN2mE:S5p126wFn8KL8tz4MZHVLJtimSimHROY

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
39c0e005cd2892a7b315081f9db6dc37_JaffaCakes118

Files

39c0e005cd2892a7b315081f9db6dc37_JaffaCakes118
.exe windows:5 windows x86 arch:x86

05b5175d2ef3cff62efc0005c3354f82

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

certcli

CAEnumFirstCA
CACloseCertType
CACloseCA
CADeleteCA

shlwapi

UrlIsOpaqueA
UrlHashA
UrlCompareA
PathCommonPrefixA
PathCombineA
UrlIsNoHistoryW
UrlGetLocationA
UrlGetPartA
UrlCreateFromPathA
UrlCanonicalizeA
UrlUnescapeA
UrlIsA
UrlCombineA

advapi32

RegCreateKeyA
InitializeSid
RegOpenKeyExA
CreateServiceA
RegEnumKeyA
IsValidSid
RegSaveKeyA
ControlService
RegEnumValueA
RegFlushKey
IsValidAcl
RegDeleteValueA
CreateProcessAsUserA
RegCloseKey
OpenServiceA
RegQueryValueA
IsValidSecurityDescriptor

kernel32

GetAtomNameA
CompareStringA
GetProcessId
GetCurrentDirectoryA
GetModuleHandleA
ReadFile
GetEnvironmentVariableA
VirtualAlloc
GetDateFormatA
FormatMessageA
lstrcpynA
TlsGetValue
GetFullPathNameA
CreateFileA
GetVersionExA
GetPrivateProfileIntA
WriteConsoleA
WaitForSingleObject

nddeapi

NDdeShareAddA
NDdeShareSetInfoA
NDdeShareDelA
NDdeShareEnumA

modemui

drvCommConfigDialogA
drvGetDefaultCommConfigA
CountryRunOnce

Sections

.text
Size: 53KB - Virtual size: 52KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 682KB - Virtual size: 682KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

05b5175d2ef3cff62efc0005c3354f82

Headers

DLL Characteristics

File Characteristics

Imports

certcli

shlwapi

advapi32

kernel32

nddeapi

modemui

Sections

.text Size: 53KB - Virtual size: 52KB

.data Size: 5KB - Virtual size: 4KB

.rsrc Size: 682KB - Virtual size: 682KB

.text
Size: 53KB - Virtual size: 52KB

.data
Size: 5KB - Virtual size: 4KB

.rsrc
Size: 682KB - Virtual size: 682KB