8505676e1879826fcb2242f7a9935324_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

8505676e1879826fcb2242f7a9935324_JaffaCakes118
Size

628KB
MD5

8505676e1879826fcb2242f7a9935324
SHA1

e12f69c9791a8eeb2fb334bf46cc07ff11c54559
SHA256

07ad5b9d0f28a98161305ceb8587f0c69ec4225d113ac8871cb1f8f3051d9717
SHA512

4d0f0ea73ffbcef6a5a5047531f3719965171871df8b01e680d8e7a66f8c49971c24006ff0f03c8f3d95e5b46ef44234607e85351e70cb065ab3a7f19a1c15ac
SSDEEP

12288:uYGzh9a/SEm15YgEIoUKCm9vuz76iK9KGdVhD/PReg:uYB/SL15QUt7DKgaVB4

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
8505676e1879826fcb2242f7a9935324_JaffaCakes118

Files

8505676e1879826fcb2242f7a9935324_JaffaCakes118
.exe windows:5 windows x86 arch:x86

f54ba46c3e9dc83376b4193d71a67a20

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED

Imports

msvcrt

wcslen
swscanf
_wgetcwd
_wgetenv
_wcsicmp
tolower
wprintf
realloc
_wtol
wcsncpy
wcscmp
_vsnwprintf
_snwprintf
_except_handler3
_wmakepath
_wtoi
isprint
free
swprintf
isdigit
memmove
_exit
_XcptFilter
exit
__p___initenv
__getmainargs
_initterm
__setusermatherr
_adjust_fdiv
__p__commode
__p__fmode
calloc
wcscpy
_wsplitpath
wcscat
_controlfp
__set_app_type

advapi32

RegSetValueExW
RegQueryInfoKeyW
RegEnumKeyExW
RegOpenKeyExA
RegQueryValueExA
RegOpenKeyExW
RegQueryValueExW
OpenProcessToken
GetUserNameW
LookupPrivilegeValueW
ClearEventLogW
OpenEventLogW
CloseEventLog
DeregisterEventSource
ReportEventW
RegDeleteValueW
AdjustTokenPrivileges
RegCreateKeyExW
ReadEventLogW
RegCloseKey
InitializeSecurityDescriptor
SetSecurityDescriptorDacl
RegisterEventSourceW

kernel32

LocalAlloc
ResumeThread
GetPriorityClass
RaiseException
VirtualAlloc
GetThreadPriority
FreeLibrary
GetVersionExA
DeleteFileW
MultiByteToWideChar
ExpandEnvironmentStringsW
SetThreadContext
FindResourceExW
LoadResource
LockResource
GetFileAttributesW
CreateDirectoryW
GetModuleHandleW
GetLastError
ContinueDebugEvent
SetEvent
CloseHandle
WaitForSingleObject
CreateThread
WaitForDebugEvent
SetErrorMode
ExitProcess
GetDateFormatW
GetLocalTime
DebugActiveProcess
InterlockedExchange
GetCurrentProcess
GetVersion
GetSystemInfo
Sleep
GetComputerNameW
TerminateProcess
OpenProcess
FormatMessageW
ReadProcessMemory
GetCommandLineW
GetThreadContext
VirtualFree
VirtualQueryEx
LoadLibraryA
DelayLoadFailureHook
TerminateThread
GetProcAddress
SuspendThread
LocalFree
SetFilePointer
GetModuleFileNameW
CreateFileW
WriteFile
WideCharToMultiByte
ReleaseSemaphore
CreateSemaphoreW
OpenSemaphoreW
ReadFile

dbghelp

SymGetModuleInfo
SymLoadModule
SymGetSymFromAddr
StackWalk
SymEnumerateSymbolsW
SymSetSearchPath
SymInitialize
SymGetModuleInfoW
SymFunctionTableAccess

Sections

.text
Size: 43KB - Virtual size: 43KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 11KB - Virtual size: 18KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 572KB - Virtual size: 2.3MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

f54ba46c3e9dc83376b4193d71a67a20

Headers

DLL Characteristics

File Characteristics

Imports

msvcrt

advapi32

kernel32

dbghelp

Sections

.text Size: 43KB - Virtual size: 43KB

.data Size: 11KB - Virtual size: 18KB

.rsrc Size: 572KB - Virtual size: 2.3MB

.text
Size: 43KB - Virtual size: 43KB

.data
Size: 11KB - Virtual size: 18KB

.rsrc
Size: 572KB - Virtual size: 2.3MB