3ae2313ac81edc9a86ccba8d2ee1a5a0_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

3ae2313ac81edc9a86ccba8d2ee1a5a0_JaffaCakes118
Size

96KB
MD5

3ae2313ac81edc9a86ccba8d2ee1a5a0
SHA1

ea56883dc84f69555f40c08f2a54c1e562b0fefb
SHA256

432b141bd6bcfe358a33b6a3a15c57e7ac816d8e4bf4693076abe8ab98f5276a
SHA512

cb93909b601a416efff5cd43fba1855da58c747b15105778fddbae4259dc128226c1f06fefbf4f2a34fd3a8dd4527f912917b39f80c025688f39327e8b14a64a
SSDEEP

384:z81ftznblmOwKKYz5c6cEftznbliziKZxtpWRdpSQXtP0PhKbv3K:o1flxmOfKGK6lflxi+0petPOhKby

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
3ae2313ac81edc9a86ccba8d2ee1a5a0_JaffaCakes118

Files

3ae2313ac81edc9a86ccba8d2ee1a5a0_JaffaCakes118
.exe windows:4 windows x86 arch:x86

729ac8a35a410c50be8fd1fc20ef75a6

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

PDB Paths

klipopga.pdb

Imports

dbnmpntw

ConnectionClose
ConnectionError
ConnectionRead
ConnectionVer

wtsapi32

WTSFreeMemory
WTSLogoffSession
WTSSetSessionInformationA
WTSOpenServerA
WTSVirtualChannelRead
WTSVirtualChannelOpen
WTSVirtualChannelQuery
WTSQuerySessionInformationA
WTSQueryUserToken
WTSWaitSystemEvent
WTSEnumerateServersA
WTSVirtualChannelWrite
WTSUnRegisterSessionNotification
WTSVirtualChannelClose

crypt32

CertCreateContext
CertGetNameStringA
CertCloseStore
CertCompareCertificate
CertSaveStore
CryptEncodeObject
CertFindExtension
CertAlgIdToOID
CertFindChainInStore
CertOpenStore
CertControlStore
CertFindAttribute
CryptFindOIDInfo
CertDuplicateCRLContext
CertFreeCRLContext

kernel32

GetTimeFormatA
GetComputerNameA
CompareStringW
SleepEx
SetEnvironmentVariableA
WriteProcessMemory
InterlockedExchange
GetEnvironmentVariableA
WriteFile
CreateMutexA
FoldStringW
GetCurrentDirectoryA
QueryDosDeviceA
CreateSemaphoreW
GetDateFormatW
GetNumberFormatA
InterlockedDecrement
FindResourceExA
CopyFileA
GetCurrentProcess
CreateNamedPipeW
CreateDirectoryA
LoadLibraryA
CreateEventA
GetConsoleAliasW
GetPrivateProfileIntA
GetCurrentThreadId
GetDiskFreeSpaceA
HeapCreate

upnphost

DllGetClassObject
DllRegisterServer
ServiceMain
DllUnregisterServer
DllCanUnloadNow

user32

CharToOemA
LoadCursorA
GetCaretPos
GetWindowLongA
IsWindow
CreateWindowExW
LoadImageW
PostMessageA
DialogBoxParamW
IsZoomed
GetWindowTextA

shlwapi

UrlGetPartA
UrlIsOpaqueA
PathCombineA
PathCompactPathA
PathCommonPrefixA
UrlGetLocationA
UrlIsA
UrlCreateFromPathA
UrlEscapeA
UrlIsNoHistoryA
UrlCompareA
UrlCanonicalizeA
UrlUnescapeA
UrlHashA

Sections

.text
Size: 60KB - Virtual size: 57KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 20KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 12KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

729ac8a35a410c50be8fd1fc20ef75a6

Headers

File Characteristics

PDB Paths

Imports

dbnmpntw

wtsapi32

crypt32

kernel32

upnphost

user32

shlwapi

Sections

.text Size: 60KB - Virtual size: 57KB

.data Size: 20KB - Virtual size: 16KB

.rsrc Size: 12KB - Virtual size: 11KB

.text
Size: 60KB - Virtual size: 57KB

.data
Size: 20KB - Virtual size: 16KB

.rsrc
Size: 12KB - Virtual size: 11KB