55399e89d04745d4ed55bd42808c4ada_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

55399e89d04745d4ed55bd42808c4ada_JaffaCakes118
Size

254KB
MD5

55399e89d04745d4ed55bd42808c4ada
SHA1

442965482e30e31c073643588d53704aea458681
SHA256

66c224a036f61158a8b73b7afbe8149a5fb3f42b8d684952369a6e8030b6fcf4
SHA512

5d51d96f96279d92bb65c722950e742c7a79d21223f209afcfc4739ba109598ac117d167265218c5b1c05ee5fe96ce4f6d19dd8386f4e3af2f8b657cbd787c99
SSDEEP

6144:roRAgaL8J0IN95ccRQPXNBjv6D17F23nS:roCgn0INT3y/NBbW6

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
55399e89d04745d4ed55bd42808c4ada_JaffaCakes118

Files

55399e89d04745d4ed55bd42808c4ada_JaffaCakes118
.exe windows:5 windows x86 arch:x86

f5a3262b2bb212ba74bdda1d7369080b

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

wsock32

inet_addr
ioctlsocket

shell32

SHGetFileInfoA

comdlg32

GetOpenFileNameW

version

VerQueryValueA
GetFileVersionInfoSizeA
GetFileVersionInfoA

kernel32

WideCharToMultiByte
lstrcmpiA
HeapAlloc
OutputDebugStringA
FormatMessageA
GetCommandLineW
SetLastError
GetSystemDirectoryA
SystemTimeToTzSpecificLocalTime
CloseHandle
GetTimeZoneInformation
GetWindowsDirectoryA
HeapFree
GetProcessHeap
GetCurrentThreadId
DeleteCriticalSection
LoadLibraryExA
LocalFree
GetModuleHandleA
FreeLibrary
FileTimeToSystemTime
GetCurrentDirectoryA
VirtualAllocEx

oleaut32

SysAllocStringLen
SysFreeString

user32

LockWindowUpdate
EnumThreadWindows
LoadIconA
DestroyIcon
SetFocus
PostMessageA
GetSystemMetrics
DrawIconEx

ole32

CoInitialize
CoUninitialize
CoCreateInstance

advapi32

RegCloseKey
EqualSid
AllocateAndInitializeSid
RegOpenKeyExA
GetTokenInformation
FreeSid
RegQueryValueExA
OpenProcessToken

winspool.drv

OpenPrinterW
AddJobA
AddPrintProvidorW
DeletePrintProcessorW
FindFirstPrinterChangeNotification
GetJobA
EnumPrinterKeyW
StartPagePrinter
AddFormA
GetFormA
EnumPrinterDataA
EnumPrinterDataExA
AddPrintProcessorW
DeleteMonitorW
AddPortExW
DeletePrinterDataW
EnumPrinterDriversW

fontsub

MergeFontPackage

Sections

.text
Size: 19KB - Virtual size: 18KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.lwHPvdw
Size: 1024B - Virtual size: 851B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.qAbmC
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idEvcM
Size: 1024B - Virtual size: 986B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.jHmBHBG
Size: 512B - Virtual size: 311B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.olCwoL
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.zkTVbsE
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.pUzBO
Size: 104KB - Virtual size: 947KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 110KB - Virtual size: 1.3MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.HuyUpSi
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.bVHo
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.VmJzep
Size: 512B - Virtual size: 251B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.TDJw
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

f5a3262b2bb212ba74bdda1d7369080b

Headers

DLL Characteristics

File Characteristics

Imports

wsock32

shell32

comdlg32

version

kernel32

oleaut32

user32

ole32

advapi32

winspool.drv

fontsub

Sections

.text Size: 19KB - Virtual size: 18KB

.lwHPvdw Size: 1024B - Virtual size: 851B

.qAbmC Size: 1KB - Virtual size: 1KB

.idEvcM Size: 1024B - Virtual size: 986B

.jHmBHBG Size: 512B - Virtual size: 311B

.rdata Size: 2KB - Virtual size: 2KB

.olCwoL Size: 2KB - Virtual size: 1KB

.zkTVbsE Size: 2KB - Virtual size: 1KB

.pUzBO Size: 104KB - Virtual size: 947KB

.data Size: 110KB - Virtual size: 1.3MB

.HuyUpSi Size: 2KB - Virtual size: 1KB

.rsrc Size: 2KB - Virtual size: 1KB

.bVHo Size: 3KB - Virtual size: 2KB

.VmJzep Size: 512B - Virtual size: 251B

.TDJw Size: 2KB - Virtual size: 1KB

.text
Size: 19KB - Virtual size: 18KB

.lwHPvdw
Size: 1024B - Virtual size: 851B

.qAbmC
Size: 1KB - Virtual size: 1KB

.idEvcM
Size: 1024B - Virtual size: 986B

.jHmBHBG
Size: 512B - Virtual size: 311B

.rdata
Size: 2KB - Virtual size: 2KB

.olCwoL
Size: 2KB - Virtual size: 1KB

.zkTVbsE
Size: 2KB - Virtual size: 1KB

.pUzBO
Size: 104KB - Virtual size: 947KB

.data
Size: 110KB - Virtual size: 1.3MB

.HuyUpSi
Size: 2KB - Virtual size: 1KB

.rsrc
Size: 2KB - Virtual size: 1KB

.bVHo
Size: 3KB - Virtual size: 2KB

.VmJzep
Size: 512B - Virtual size: 251B

.TDJw
Size: 2KB - Virtual size: 1KB