521e1cb95c9e119d41c362e941613aaf_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

521e1cb95c9e119d41c362e941613aaf_JaffaCakes118
Size

44KB
MD5

521e1cb95c9e119d41c362e941613aaf
SHA1

649d1ab0b99ebbc6e587a836318d544ab6782819
SHA256

e1edf14f7207654bc3aad19fe33d576b00bf68ced6df6403c0d92eb7cfcb7f27
SHA512

b59f5fd19fe1f400e933cfed45ffeda17838fe5c4bf08843a2faa47fa635ba6f0c19c6f8a1c5f6c1cd9910e34ee37d5f5b994c7bf1141cf4786a1a89535f20d6
SSDEEP

768:3/hXUbc1AK2n66KDHb/Io8IDQLGVaE9GPro0mkfrpjd9Gom7qk:PhXUbVK26HDHb/2I8LGVBYPrDmmrRdHC

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
521e1cb95c9e119d41c362e941613aaf_JaffaCakes118

Files

521e1cb95c9e119d41c362e941613aaf_JaffaCakes118
.exe windows:5 windows x86 arch:x86

b90daff85bd94a44e1b7ba9611a2dfa7

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

WritePrivateProfileSectionA
WaitForMultipleObjectsEx
GetModuleHandleA
DosDateTimeToFileTime
Thread32Next
GetVolumePathNameW
GetEnvironmentVariableA
CreateTimerQueue
SetCurrentDirectoryW
GetThreadTimes
RtlCaptureContext
VirtualAlloc
ConvertDefaultLocale
LZRead
GlobalFindAtomW
GetUserDefaultLCID
SetConsoleCursorInfo
SetVolumeLabelA
GetFileAttributesExA
WriteFileEx
GetDefaultCommConfigW
lstrcpyn
GetSystemWindowsDirectoryA
SetUnhandledExceptionFilter
GetSystemDefaultLCID
ShowConsoleCursor
GetCPInfoExW
ExitProcess
IsValidLocale
HeapFree
GetProcessAffinityMask
SetClientTimeZoneInformation
GetCommandLineA
GetLocalTime
Process32Next
LoadLibraryA
GetShortPathNameW
CreateSemaphoreA
CreateActCtxA
GetSystemTimeAsFileTime
GetCurrentProcessId
CreateFileA
ExpungeConsoleCommandHistoryW
RtlZeroMemory

ntdll

RtlQueryTagHeap
NtReleaseSemaphore
NtSetLowWaitHighEventPair
NtQueryTimerResolution
_atoi64
ZwFlushBuffersFile
NtSetValueKey
RtlInsertElementGenericTableAvl
_i64tow
NtCreateMailslotFile
RtlUpcaseUnicodeChar
RtlGetControlSecurityDescriptor
RtlGetGroupSecurityDescriptor
ZwMapViewOfSection
RtlFindSetBits
NtResetEvent
LdrQueryImageFileExecutionOptions
RtlTraceDatabaseFind
RtlAddAuditAccessObjectAce
RtlAnsiStringToUnicodeString
RtlAdjustPrivilege
ZwReplyPort
RtlUnicodeToMultiByteN
RtlValidAcl
strpbrk
_CIsin
NtFlushWriteBuffer
towupper
RtlFindSetBitsAndClear
ZwYieldExecution
RtlEmptyAtomTable
NtQueryIoCompletion
RtlLookupElementGenericTable

oleaut32

VarI2FromDec
VarDecAdd
SafeArrayAllocData
VarCySub
VarUI2FromI2
VarI4FromI2
CreateStdDispatch
VarCyCmpR8
SafeArraySetIID
SysReAllocString
VarR8FromUI2
SysStringLen
VarUI4FromR4
VarUI4FromDate
VarUI1FromR4
VarI8FromUI2
VarDateFromUI4
VarBoolFromR4
DispGetParam
VarUI2FromBool
VarCyFromI4
VarR4CmpR8
SafeArrayGetElement
OaBuildVersion
GetRecordInfoFromTypeInfo
VarUI2FromDisp
VarCyFromUI8
VarI2FromI4
VarBstrFromDisp
VarDateFromI8
OleIconToCursor
CreateTypeLib
VarI8FromI1
VarI1FromR8
VarDecFromI4

rastls

RasEapGetIdentity
RasEapInvokeInteractiveUI
RasEapFreeMemory
RasEapGetInfo
RasEapInvokeConfigUI

Sections

.text
Size: 36KB - Virtual size: 35KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 6KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

b90daff85bd94a44e1b7ba9611a2dfa7

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

ntdll

oleaut32

rastls

Sections

.text Size: 36KB - Virtual size: 35KB

.rdata Size: 6KB - Virtual size: 5KB

.rsrc Size: 1KB - Virtual size: 1KB

.text
Size: 36KB - Virtual size: 35KB

.rdata
Size: 6KB - Virtual size: 5KB

.rsrc
Size: 1KB - Virtual size: 1KB