6c2954c3697caaab97f6c0572e37b7e1_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

6c2954c3697caaab97f6c0572e37b7e1_JaffaCakes118
Size

1.0MB
MD5

6c2954c3697caaab97f6c0572e37b7e1
SHA1

24c77d8c11aa7a1be2d791d51b6d1ed3e11680d0
SHA256

0ea60a3f55b6cf509dcaa1ec2c69a77c13ae9582211e3f5828adbc9f44009f1f
SHA512

86a6dba49a0000f23421a2073370b833d328509d8f4ac3a42a5a30e6ae77aa83121c3ae106653999b66239d0afdaab14c378c882e43218f44f037eda8f112db3
SSDEEP

12288:1IDQLXwE0sQJgyuEm+OrhrW+quEFnsNxkgb:6QbYPy9rW+quEFnsHkgb

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
6c2954c3697caaab97f6c0572e37b7e1_JaffaCakes118

Files

6c2954c3697caaab97f6c0572e37b7e1_JaffaCakes118
.exe windows:6 windows x86 arch:x86

693026b02fb44ca8241c911be28d0a14

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

ntdll

NtOpenThread
NtFlushInstructionCache
NtQuerySystemInformation
NtFreeVirtualMemory
RtlUnwind
NtAllocateVirtualMemory
NtClose
NtProtectVirtualMemory
NtSetContextThread
NtResumeThread
NtSuspendThread
NtResumeProcess
VerSetConditionMask
NtGetContextThread
NtTerminateProcess

kernel32

ReadFile
CloseHandle
Sleep
CreateThread
GetProcAddress
GetLastError
FormatMessageW
GetCurrentThreadId
SetEvent
CreateEventA
OpenEventA
GetCommandLineW
SetCurrentDirectoryW
WaitForSingleObject
CreateProcessW
LoadLibraryW
SetDllDirectoryW
GetCurrentProcessId
OpenThread
ResumeThread
OpenMutexA
GetStdHandle
SetThreadPriority
GetThreadPriority
GetExitCodeThread
ProcessIdToSessionId
GetTickCount
GetModuleHandleA
VerifyVersionInfoW
MultiByteToWideChar
WideCharToMultiByte
GetProcessHeap
SetStdHandle
SetEnvironmentVariableW
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineA
GetOEMCP
GetACP
IsValidCodePage
FindNextFileW
FindFirstFileExW
FindClose
CreateFileW
VirtualProtect
VirtualAlloc
GetCurrentThread
ExitProcess
AddVectoredExceptionHandler
WriteConsoleW
ReadConsoleW
GetFileAttributesW
SetEndOfFile
GetConsoleMode
GetConsoleOutputCP
FlushFileBuffers
EnumSystemLocalesW
GetUserDefaultLCID
IsValidLocale
HeapSize
SetFilePointerEx
GetFileSizeEx
GetFileType
HeapReAlloc
HeapFree
HeapAlloc
GetModuleHandleExW
GetModuleFileNameW
WriteFile
LoadLibraryExW
FreeLibrary
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSectionAndSpinCount
DeleteCriticalSection
ResetEvent
WaitForSingleObjectEx
CreateEventW
GetModuleHandleW
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
IsProcessorFeaturePresent
IsDebuggerPresent
GetStartupInfoW
QueryPerformanceCounter
GetSystemTimeAsFileTime
InitializeSListHead
GetStringTypeW
EncodePointer
DecodePointer
GetCPInfo
SetLastError
SwitchToThread
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
CompareStringW
LCMapStringW
GetLocaleInfoW
RaiseException

user32

GetAsyncKeyState
MessageBoxA
MessageBoxW
IsWindowVisible
GetWindowTextA
GetWindowTextW
EnumChildWindows
EnumWindows
GetClassNameA
GetClassNameW
GetWindowThreadProcessId

advapi32

QueryServiceStatus
OpenServiceW
OpenSCManagerW
ControlService
CloseServiceHandle
GetUserNameW
FreeSid
CheckTokenMembership
AllocateAndInitializeSid
ConvertStringSecurityDescriptorToSecurityDescriptorA

wtsapi32

WTSFreeMemory
WTSQuerySessionInformationW
WTSEnumerateSessionsW

Exports

Exports

AmdPowerXpressRequestHighPerformance
Brainstorm
NvOptimusEnablement

Sections

.text
Size: 306KB - Virtual size: 305KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 353KB - Virtual size: 352KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 5KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.shared
Size: 512B - Virtual size: 1B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.vw0
Size: 9KB - Virtual size: 8KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 363KB - Virtual size: 362KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

693026b02fb44ca8241c911be28d0a14

Headers

DLL Characteristics

File Characteristics

Imports

ntdll

kernel32

user32

advapi32

wtsapi32

Exports

Exports

Sections

.text Size: 306KB - Virtual size: 305KB

.rdata Size: 353KB - Virtual size: 352KB

.data Size: 5KB - Virtual size: 8KB

.shared Size: 512B - Virtual size: 1B

.vw0 Size: 9KB - Virtual size: 8KB

.rsrc Size: 363KB - Virtual size: 362KB

.text
Size: 306KB - Virtual size: 305KB

.rdata
Size: 353KB - Virtual size: 352KB

.data
Size: 5KB - Virtual size: 8KB

.shared
Size: 512B - Virtual size: 1B

.vw0
Size: 9KB - Virtual size: 8KB

.rsrc
Size: 363KB - Virtual size: 362KB