eac17f4e9e13a215959b5fe65d4d2b36_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

eac17f4e9e13a215959b5fe65d4d2b36_JaffaCakes118
Size

194KB
MD5

eac17f4e9e13a215959b5fe65d4d2b36
SHA1

7504e60832df6940da7a31bb77702036bcf7417a
SHA256

7ed4502ac78ad57f852c27327a1000902cd84cdd85ca31c8e75256f536f2937a
SHA512

ddc725d0955a754d0da7c81adf308f0da26eb7b11d14e48b509ab8c45f31f576375a660573bb5fed964a9152c36e8f63a7561f4c8ff6a98b0a0b3df5975b96dd
SSDEEP

3072:i9SqN0wcxvkl/zbS1re5uoMGyIk9zL3zBurFIy3X9HU1RdD:CSqNu2VbSd1o9AFVHyd0/dD

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
eac17f4e9e13a215959b5fe65d4d2b36_JaffaCakes118

Files

eac17f4e9e13a215959b5fe65d4d2b36_JaffaCakes118
.exe windows:6 windows x64 arch:x64

2c5ebb70601073bee71723b70753847f

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

shell32

SHGetSpecialFolderPathA
SHGetFolderPathA

kernel32

CreateToolhelp32Snapshot
Process32First
GetCurrentProcessId
OpenProcess
Process32Next
CreateSemaphoreA
AcquireSRWLockExclusive
ReleaseSRWLockExclusive
CreateThread
WaitForSingleObject
TerminateThread
GetCurrentThread
ReleaseSemaphore
VirtualAllocEx
WriteProcessMemory
CreateRemoteThread
OpenMutexA
CreateMutexA
InitializeCriticalSection
CreateProcessA
EnterCriticalSection
LeaveCriticalSection
SetThreadPriority
GetProcessId
GetTickCount
VirtualQueryEx
ReadProcessMemory
GetCurrentProcess
IsWow64Process
CreateNamedPipeA
ConnectNamedPipe
ReadFile
DisconnectNamedPipe
WriteFile
CallNamedPipeA
WaitNamedPipeA
GetFileSize
IsValidCodePage
CopyFileA
Sleep
TerminateProcess
DeleteFileA
CloseHandle
CreateFileA
GetLastError
CreateDirectoryA
GetFileAttributesA
GetModuleFileNameA
GetComputerNameA
GetVolumeInformationA
FreeEnvironmentStringsW
GetACP
SetEnvironmentVariableW
DeleteCriticalSection
WriteConsoleW
SetEndOfFile
FindNextFileW
GetEnvironmentStringsW
WideCharToMultiByte
MultiByteToWideChar
GetCommandLineW
GetCommandLineA
GetCPInfo
HeapSize
FlushFileBuffers
CreateFileW
GetProcessHeap
GetStringTypeW
SetStdHandle
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsProcessorFeaturePresent
QueryPerformanceCounter
GetCurrentThreadId
GetSystemTimeAsFileTime
InitializeSListHead
IsDebuggerPresent
GetStartupInfoW
GetModuleHandleW
RaiseException
SetLastError
InitializeCriticalSectionAndSpinCount
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
FreeLibrary
GetProcAddress
LoadLibraryExW
ExitProcess
GetModuleHandleExW
GetStdHandle
GetModuleFileNameW
SetFilePointerEx
GetFileType
GetConsoleMode
ReadConsoleW
HeapAlloc
HeapFree
GetConsoleOutputCP
GetFileSizeEx
CompareStringW
LCMapStringW
HeapReAlloc
FindClose
FindFirstFileExW
GetOEMCP

advapi32

DeleteService
ControlService
OpenServiceA
FreeSid
CheckTokenMembership
AllocateAndInitializeSid
StartServiceA
CloseServiceHandle
CreateServiceA
OpenSCManagerA
RegQueryValueExA
RegOpenKeyExA
RegCloseKey
RegSetValueExA
RegCreateKeyExA

urlmon

URLDownloadToFileA

wininet

HttpQueryInfoA
HttpSendRequestA
HttpOpenRequestA
InternetConnectA
InternetReadFile
InternetOpenA
InternetCloseHandle

ntdll

RtlPcToFileHeader
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlUnwindEx
RtlCaptureContext

Sections

.text
Size: 126KB - Virtual size: 125KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 49KB - Virtual size: 49KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 9KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 6KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

_RDATA
Size: 512B - Virtual size: 244B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

2c5ebb70601073bee71723b70753847f

Headers

DLL Characteristics

File Characteristics

Imports

shell32

kernel32

advapi32

urlmon

wininet

ntdll

Sections

.text Size: 126KB - Virtual size: 125KB

.rdata Size: 49KB - Virtual size: 49KB

.data Size: 9KB - Virtual size: 14KB

.pdata Size: 6KB - Virtual size: 5KB

_RDATA Size: 512B - Virtual size: 244B

.reloc Size: 2KB - Virtual size: 1KB

.text
Size: 126KB - Virtual size: 125KB

.rdata
Size: 49KB - Virtual size: 49KB

.data
Size: 9KB - Virtual size: 14KB

.pdata
Size: 6KB - Virtual size: 5KB

_RDATA
Size: 512B - Virtual size: 244B

.reloc
Size: 2KB - Virtual size: 1KB