Static task: static1
Behavioral task: behavioral1
  Sample: e86b0013c78889620e07e8f2364fcda0_JaffaCakes118.exe
  Resource: win7-20240220-en
Behavioral task: behavioral2
  Sample: e86b0013c78889620e07e8f2364fcda0_JaffaCakes118.exe
  Resource: win10v2004-20240226-en
General
Target: e86b0013c78889620e07e8f2364fcda0_JaffaCakes118
Size: 155KB
MD5: e86b0013c78889620e07e8f2364fcda0
SHA1: 7e20acdcabe2d66fd2ad1b289a742037a44f73f0
SHA256: 70b4055df9e4bbd810f4d36c7d09cdb3f274016e91c66230d9a1ed986b2c8fc7
SHA512: ecca7eab5aee9fc62e66b35819d4e7a9ccc1fec92b3cba3471dcaf3e28a9e0cbb55561cef42ee6bb9d85a9c695e19bf2b935d3c91352c22e21907f81612a6f94
SSDEEP: 3072:vSyGjKnfndLxyocD3Vv4Yv8IAnYklmwg43SoQCtjo5voQqPjhj:vSyGGnf9xrcD3Pv8tV9Xhtjo5v8rhj
Malware Config
Signatures
Unsigned PE (1 IoC): Checks for missing Authenticode signature.
  resource: e86b0013c78889620e07e8f2364fcda0_JaffaCakes118
Files
e86b0013c78889620e07e8f2364fcda0_JaffaCakes118.exe windows:1 windows x86 arch:x86
  f9f7b454e2f2559e4e72f7c037e79018
Headers
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
Imports
shell32
ShellExecuteW
kernel32
GetProcAddress
WriteFile
FindClose
FindFirstFileA
lstrcatW
GetLocaleInfoA
CloseHandle
Sleep
GetSystemDefaultLCID
GetModuleFileNameA
ReadFileScatter
GetSystemDirectoryW
HeapLock
GetWindowsDirectoryA
GetTimeZoneInformation
GetModuleHandleExW
FindNextFileA
EnterCriticalSection
OpenProcess
GetCurrentProcess
CopyFileA
GetNumaProcessorNode
GetUserDefaultUILanguage
EncodeSystemPointer
OpenThread
lstrcpyW
GetLastError
LeaveCriticalSection
VirtualFree
lstrcpyA
GetSystemDirectoryA
EnumCalendarInfoExA
InitializeCriticalSection
VirtualAlloc
GetModuleHandleA
WriteConsoleOutputCharacterA
TlsSetValue
lstrcatA
ZombifyActCtx
GetHandleInformation
DeleteFileA
CreateFileA
SetNamedPipeHandleState
OpenMutexA
GetTempFileNameW
DeleteFileW
ReadFile
OpenJobObjectA
CreateSemaphoreA
DuplicateHandle
GetFileSizeEx
WriteProfileStringW
GetTickCount
CreateFileW
advapi32
RegOpenKeyA
RegCloseKey
LsaICLookupNames
EnumServicesStatusA
LookupPrivilegeValueA
OpenProcessToken
CloseServiceHandle
CryptGetDefaultProviderW
RegSetValueExA
ElfNumberOfRecords
BuildSecurityDescriptorW
BuildSecurityDescriptorA
OpenSCManagerA
RegQueryValueExA
RegCreateKeyA
AdjustTokenPrivileges
ntdll
vsprintf
tolower
strlen
sprintf
RtlAnsiStringToUnicodeString
NtQuerySystemInformation
isdigit
strncmp
memcpy
wcsstr
_chkstk
strstr
isspace
NtQueryObject
memset
RtlInitAnsiString
RtlFreeUnicodeString
ZwLoadDriver
psapi
GetProcessImageFileNameA
EnumProcesses
ws2_32
WSCUpdateProvider
htonl
send
inet_addr
__WSAFDIsSet
WSAStartup
select
WSAHtons
socket
getaddrinfo
closesocket
connect
htons
ntohs
recv
gethostbyname
ole32
CoCreateGuid
user32
CharLowerW
ExitWindowsEx
CreateWindowExW
Sections
.data Size: 16KB - Virtual size: 16KB
  IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.text Size: 512B - Virtual size: 407B
  IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
.idata Size: 3KB - Virtual size: 2KB
  IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ