f41ccbd8f8d2eff0c3f08eb574637a68_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

f41ccbd8f8d2eff0c3f08eb574637a68_JaffaCakes118
Size

158KB
MD5

f41ccbd8f8d2eff0c3f08eb574637a68
SHA1

09882ce230d52cadcf560c0be744da9a2d48661c
SHA256

0712c54c729005961095db67e35452c44cebd00e8656e4778648856157b43afd
SHA512

e2b7e9d974b67011c3710a1d00d38d382560b11584aa3c3ac93e2bbd81fa235c21dd9583aed0ee89ab5c96e81fc0c66e2d16d48d3dc45c9b30dd6407d448140a
SSDEEP

3072:ClA6KbpA+Gpl7zYRi3+Cni/uUwUAJbHte/MEfjPDh:ClHKbm+GplARi9iD05UUEjDh

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
f41ccbd8f8d2eff0c3f08eb574637a68_JaffaCakes118

Files

f41ccbd8f8d2eff0c3f08eb574637a68_JaffaCakes118
.exe windows:5 windows x86 arch:x86

120fa0dd5f762b1a255cfa04eda09cc6

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

BackupWrite
SetFileTime
DeleteFileA
SystemTimeToFileTime
HeapFree
GetFileAttributesA
QueryDosDeviceA
GetCommandLineA
DeviceIoControl
SetEvent
CreateProcessA
SetThreadAffinityMask
SetFileAttributesA
SetEndOfFile
SetErrorMode
FreeLibrary
GetSystemDirectoryA
GetDriveTypeA
OpenEventA
ReadFile
GetDiskFreeSpaceA
CreateFiber
CopyFileA
GetCurrentProcessId
ExitProcess
GetSystemTime
WideCharToMultiByte
GetCurrentThreadId
RemoveDirectoryA
DeleteCriticalSection
MoveFileA
LocalFileTimeToFileTime
DosDateTimeToFileTime
VirtualQuery
GetTickCount
FindFirstFileA
Sleep
CreateEventA
MoveFileExA
GetProcessHeap
CreateThread
CreateFileA
SetHandleContext
SetUnhandledExceptionFilter
GetFileSize
EnterCriticalSection
GetProcAddress
SetFilePointer
GetVersionExA
TerminateProcess
IsDebuggerPresent
QueryPerformanceCounter
WriteFile
HeapAlloc
lstrcpynA
GetCurrentDirectoryA
ExpandEnvironmentStringsA
LeaveCriticalSection
Sleep
SetLastError
CloseHandle
FindNextFileA
FindClose
GetExitCodeProcess
GetSystemTimeAsFileTime

user32

SendDlgItemMessageA
LoadStringA
DialogBoxParamA
ShowWindow
MessageBoxA
SendMessageA
EndDialog
SetParent

shell32

SHGetPathFromIDListA
SHBrowseForFolderA

advapi32

CryptReleaseContext
AllocateAndInitializeSid
CryptAcquireContextA
AddAccessAllowedAce
InitializeSecurityDescriptor
CryptGenRandom
InitiateSystemShutdownA
SetSecurityDescriptorDacl
GetLengthSid
OpenProcessToken
GetTokenInformation
InitializeAcl

ntdll

NtAdjustPrivilegesToken
NtClose
NtOpenProcessToken
NtShutdownSystem

Sections

.text
Size: 10KB - Virtual size: 9KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.hapn
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ

.edata
Size: 139KB - Virtual size: 155KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

120fa0dd5f762b1a255cfa04eda09cc6

Headers

File Characteristics

Imports

kernel32

user32

shell32

advapi32

ntdll

Sections

.text Size: 10KB - Virtual size: 9KB

.data Size: 4KB - Virtual size: 9KB

.hapn Size: 3KB - Virtual size: 3KB

.edata Size: 139KB - Virtual size: 155KB

.text
Size: 10KB - Virtual size: 9KB

.data
Size: 4KB - Virtual size: 9KB

.hapn
Size: 3KB - Virtual size: 3KB

.edata
Size: 139KB - Virtual size: 155KB