Static task: static1
Behavioral task: behavioral1
Sample: 3a62c78b0268be0991a38b4275b5c39e_JaffaCakes118.exe
Resource: win7-20240903-en
Behavioral task: behavioral2
Sample: 3a62c78b0268be0991a38b4275b5c39e_JaffaCakes118.exe
Resource: win10v2004-20241007-en
General
Target: 3a62c78b0268be0991a38b4275b5c39e_JaffaCakes118
Size: 325KB
MD5: 3a62c78b0268be0991a38b4275b5c39e
SHA1: 6b0d229c60b0a2820864692faacb67d35e7c00f2
SHA256: e438cdb81c506d3ff4ca5a0c712619506c46c8e7e0b02a330395d2b49b2cc061
SHA512: 4c426e222715b606ecda51c1ccf1e72cfe19770717df73744c28682df23691cd25654696a823de3ad8b48f04727b481fbb7f2534fbaaff633727b8ace7c190cb
SSDEEP: 6144:jYoyEJfbHz6Xk3zQqEV72yhayIL0BNPOtxNbijEW1nqPSKsHrKhnvQgQO+S0:jYYJfbHGUbEELYNz1nqPSxE+S0
Malware Config
Signatures
Unsigned PE (1 IoCs): Checks for missing Authenticode signature.
resource: 3a62c78b0268be0991a38b4275b5c39e_JaffaCakes118
Files
3a62c78b0268be0991a38b4275b5c39e_JaffaCakes118.exe windows:5 windows x86 arch:x86
b4c6640f78deddb51a38424fe558d80b
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
dnsapi
DnsReplaceRecordSetW
ntdll
RtlInitUnicodeStringEx
_chkstk
wcslen
RtlUnwind
_wcsicmp
_vsnwprintf
RtlUnicodeStringToAnsiString
RtlAnsiStringToUnicodeString
memmove
RtlUnicodeToMultiByteSize
NtAllocateVirtualMemory
RtlIsNameLegalDOS8Dot3
kernel32
lstrcmpW
FindResourceW
GetDriveTypeW
GetCurrentThreadId
GetSystemTimeAsFileTime
DeleteCriticalSection
GetSystemDefaultUILanguage
lstrcmpiW
GlobalLock
GetACP
LeaveCriticalSection
GetProfileStringW
lstrlenW
GetTickCount
DeleteFileW
FreeLibrary
FindClose
GetVersionExA
GlobalReAlloc
WaitForSingleObject
ExpandEnvironmentStringsW
SetLastError
MulDiv
GlobalAlloc
SetCurrentDirectoryW
GlobalUnlock
CloseHandle
GetCurrentProcess
GetUserDefaultLCID
lstrcpyW
DelayLoadFailureHook
LockResource
lstrcpynW
DisableThreadLibraryCalls
FindResourceA
GetLocaleInfoW
FindFirstFileW
GetCurrentProcessId
LocalReAlloc
FindResourceExW
CreateEventW
TlsSetValue
GetFullPathNameW
FreeResource
CreateThread
LoadResource
InterlockedExchange
LocalFree
InitializeCriticalSectionAndSpinCount
GetFileAttributesW
FormatMessageW
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetShortPathNameW
LocalSize
GetModuleHandleW
FreeLibraryAndExitThread
InterlockedDecrement
WideCharToMultiByte
GetModuleFileNameW
InterlockedCompareExchange
GlobalFree
GetCurrentDirectoryW
GetProcessVersion
CreateFileW
LoadLibraryA
lstrlenA
GetTempFileNameW
InterlockedIncrement
LoadLibraryW
TlsGetValue
MultiByteToWideChar
GetModuleHandleA
GetProcAddress
GetLastError
GetVolumeInformationW
TlsAlloc
lstrcpyA
TerminateProcess
SetEvent
QueryPerformanceCounter
SizeofResource
TlsFree
FindNextFileW
ResetEvent
EnterCriticalSection
LocalAlloc
SetErrorMode
rpcrt4
I_RpcExceptionFilter
RpcBindingFree
NdrClientCall2
RpcBindingFromStringBindingW
RpcStringFreeW
RpcStringBindingComposeW
RpcEpResolveBinding
RpcBindingSetAuthInfoExW
userenv
RsopFileAccessCheck
mswsock
GetAcceptExSockaddrs
AcceptEx
gdi32
CreateFontIndirectW
CreatePen
CreateCompatibleBitmap
GetViewportExtEx
GetTextMetricsW
CreateDiscardableBitmap
GetMapMode
CreateSolidBrush
GetDeviceCaps
GetCharWidth32W
Sections
.text Size: 7KB - Virtual size: 7KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.data Size: 3KB - Virtual size: 1.4MB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rdata Size: 196KB - Virtual size: 196KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 116KB - Virtual size: 115KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.tls Size: 512B - Virtual size: 4KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE