e81597b5926ba04b39e3f0cbc82a7489_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

e81597b5926ba04b39e3f0cbc82a7489_JaffaCakes118
Size

304KB
MD5

e81597b5926ba04b39e3f0cbc82a7489
SHA1

a5cbff0542959cf7ded43db7f9997e790ee2cb05
SHA256

11ec01e70d2186991d974583fb20b9328aba48f8acd5eb28eec80692621931a2
SHA512

26ee2061384a39a6e47d5288befc994cdb95ae8893fbeb6c825522bde81c416e551345046c8a2a6dd970f6d34349098faae9ef9b2e1b651bb5c757891672b18f
SSDEEP

6144:ftaK1iCzqRDgaE1o71bliASplR29yPhdx2h23FKBRcPsLh+0:s4iCqgN1o715BSHR29yZTFKBRx9

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
e81597b5926ba04b39e3f0cbc82a7489_JaffaCakes118

Files

e81597b5926ba04b39e3f0cbc82a7489_JaffaCakes118
.exe windows:4 windows x86 arch:x86

5ba67bc8f8c91df96f20e3813983b9d3

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

ws2_32

WSCWriteProviderOrder
WSCDeinstallProvider
WSAStartup
WSCGetProviderPath
WSCEnumProtocols
WSACleanup
WSCInstallProvider

advapi32

SetSecurityDescriptorDacl
RegOpenKeyExW
RegDeleteValueW
RegQueryValueExW
RegQueryInfoKeyW
RegSetValueExW
RegCloseKey
RegCreateKeyExW
RegDeleteKeyW
InitializeSecurityDescriptor

rpcrt4

UuidCreate

ole32

StringFromGUID2

kernel32

SetStdHandle
WriteFile
VirtualAlloc
GetOEMCP
WideCharToMultiByte
IsValidCodePage
SetHandleCount
SetFilePointer
TlsAlloc
GetModuleHandleA
UnhandledExceptionFilter
IsValidLocale
DeleteCriticalSection
GetUserDefaultLCID
WriteConsoleW
TlsGetValue
FileTimeToSystemTime
InitializeCriticalSectionAndSpinCount
ExpandEnvironmentStringsA
SetEndOfFile
FlushFileBuffers
CreateFileA
TlsFree
EnterCriticalSection
FreeEnvironmentStringsW
GetSystemTime
WriteConsoleA
RtlUnwind
LCMapStringA
GetACP
SystemTimeToTzSpecificLocalTime
SystemTimeToFileTime
GetCommandLineA
VirtualFree
IsDebuggerPresent
HeapReAlloc
LCMapStringW
HeapFree
GetStdHandle
SetUnhandledExceptionFilter
GetFileType
HeapDestroy
EnumSystemLocalesA
GetTimeFormatA
TlsSetValue
ReadFile
GetConsoleCP
GetSystemTimeAsFileTime
GetProcessHeap
GetSystemDirectoryA
FreeLibrary
HeapAlloc
FreeEnvironmentStringsA
CloseHandle
GetModuleHandleW
HeapSize
GetTempPathA
LeaveCriticalSection
GetCurrentThreadId
GetConsoleOutputCP
SetLastError
RaiseException
GetConsoleMode
GetCurrentProcess

cmutil

CmAtolA
CmLoadImageW
CmStrTrimW
CmLoadIconW
CmRealloc
WzToSzWithAlloc
CmLoadIconA

kbdsg

KbdLayerDescriptor

Sections

.text
Size: 20KB - Virtual size: 19KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 280KB - Virtual size: 1.0MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

5ba67bc8f8c91df96f20e3813983b9d3

Headers

File Characteristics

Imports

ws2_32

advapi32

rpcrt4

ole32

kernel32

cmutil

kbdsg

Sections

.text Size: 20KB - Virtual size: 19KB

.rdata Size: 3KB - Virtual size: 2KB

.data Size: 280KB - Virtual size: 1.0MB

.rsrc Size: 512B - Virtual size: 4KB

.text
Size: 20KB - Virtual size: 19KB

.rdata
Size: 3KB - Virtual size: 2KB

.data
Size: 280KB - Virtual size: 1.0MB

.rsrc
Size: 512B - Virtual size: 4KB