2c163be10c2dcd9b96243bd8175889d4_JaffaCakes118

General

Target

2c163be10c2dcd9b96243bd8175889d4_JaffaCakes118
Size

659KB
MD5

2c163be10c2dcd9b96243bd8175889d4
SHA1

d086fe8bbd8b7129d89dc1cfcb8a8175a6445b29
SHA256

a4bb7f498946155aaf1f6724dc6c37b7a149a369d4e5af724f3794c34629f371
SHA512

350f8c56929d87d0caa0993c5b6a6a2e6d9f7d753ad5e94a36538fbf2b5669c3dadba0866d22d1d5f8f4be6a4eae82672cd5ed378535c07c7e51c88e4e5b436f
SSDEEP

12288:DBBph23Ks1mQnWattmsbMVSH05SxQiEQ9jmE56:DBBK3p0RzYa+E

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2c163be10c2dcd9b96243bd8175889d4_JaffaCakes118

Files

2c163be10c2dcd9b96243bd8175889d4_JaffaCakes118
.exe windows:5 windows x86 arch:x86

e0cd36fc4e4f4032fc5cd3323a14cac0

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

advapi32

RegEnumKeyW
OpenEventLogW
ClearEventLogA
LogonUserW
InitializeAcl
CryptSignHashW
RegOpenKeyA
ControlService
RegReplaceKeyW
RegSaveKeyA
RegCreateKeyExW
RegUnLoadKeyA

authz

AuthzAddSidsToContext
AuthzInitializeContextFromSid

uxtheme

GetWindowTheme
GetThemeAppProperties
DrawThemeText
GetThemeBackgroundExtent
GetThemeSysFont
GetThemeSysInt
GetThemePosition
IsThemeActive
GetCurrentThemeName
GetThemeFilename
GetThemeEnumValue
CloseThemeData
GetThemeSysBool
GetThemeBackgroundRegion

wtsapi32

WTSFreeMemory
WTSSetSessionInformationW
WTSVirtualChannelRead
WTSWaitSystemEvent
WTSRegisterSessionNotification
WTSQueryUserToken
WTSVirtualChannelPurgeInput
WTSQuerySessionInformationA
WTSSetUserConfigW
WTSEnumerateSessionsW
WTSEnumerateServersA

kernel32

WaitForSingleObject
CreateJobObjectW
GetProcAddress
GetStringTypeW
OpenSemaphoreW
InitializeCriticalSection
GetCommandLineW
MoveFileA
GetModuleHandleA
GetTempPathA
ReadConsoleA
GetProfileSectionA
GetSystemDirectoryA
CreateMailslotA
CreateFileW
GetLogicalDriveStringsA
GetModuleFileNameW
UnmapViewOfFile
GetDateFormatA
GetVersion
LoadLibraryExA
GetExpandedNameA
lstrcmpiA
DeleteFileW
SearchPathW
GetTickCount
GetFileAttributesW
MoveFileExA
GetConsoleAliasA

Sections

.text
Size: 48KB - Virtual size: 48KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 13KB - Virtual size: 13KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_READ

.data
Size: 30KB - Virtual size: 29KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 566KB - Virtual size: 566KB

IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

e0cd36fc4e4f4032fc5cd3323a14cac0

Headers

File Characteristics

Imports

advapi32

authz

uxtheme

wtsapi32

kernel32

Sections

.text Size: 48KB - Virtual size: 48KB

.rdata Size: 13KB - Virtual size: 13KB

.data Size: 30KB - Virtual size: 29KB

.rsrc Size: 566KB - Virtual size: 566KB

.text
Size: 48KB - Virtual size: 48KB

.rdata
Size: 13KB - Virtual size: 13KB

.data
Size: 30KB - Virtual size: 29KB

.rsrc
Size: 566KB - Virtual size: 566KB