923196b92a38a87115f76bcddebc3a07_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

923196b92a38a87115f76bcddebc3a07_JaffaCakes118
Size

598KB
MD5

923196b92a38a87115f76bcddebc3a07
SHA1

021923d9d78df4ce1ded4f03635700079b8f9474
SHA256

aa7329411de973b39ae9a7fde6013aaef9b632723706290bd963d2a612138207
SHA512

82598731f854a1765c8c36e7e43f2f3a5e5defabbc58f6143cbe4bbe6afe0c8d1fb03c705c51a4bf9bb237dc6d8cdc0d6ad7adeda63529f8cef8fc9bfdc8a186
SSDEEP

12288:ZVlW80iSkUOvZ6qGeFbmHqTa99JmR3aV/Gfz1Hc2YJ+r8xLwVTYO:TMwbZlgHqS7m3IkZYJ+RmO

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
923196b92a38a87115f76bcddebc3a07_JaffaCakes118

Files

923196b92a38a87115f76bcddebc3a07_JaffaCakes118
.exe windows:4 windows x86 arch:x86

f812a84a1f93b1bba884c9265ed69e83

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

shimeng

SE_DllLoaded
SE_ProcessDying
SE_InstallAfterInit
SE_IsShimDll

acledit

EditOwnerInfo
EditAuditInfo
SedTakeOwnership

wtsapi32

WTSQuerySessionInformationA
WTSVirtualChannelOpen
WTSRegisterSessionNotification
WTSEnumerateProcessesA
WTSVirtualChannelWrite
WTSVirtualChannelClose
WTSQueryUserToken
WTSLogoffSession
WTSOpenServerA
WTSSendMessageA
WTSSetSessionInformationA
WTSUnRegisterSessionNotification
WTSWaitSystemEvent
WTSEnumerateSessionsA
WTSVirtualChannelRead
WTSFreeMemory
WTSVirtualChannelPurgeInput

kernel32

InterlockedDecrement
SetVolumeLabelW
CreateMutexA
GetLocalTime
GetModuleHandleA
lstrcmpiA
DeviceIoControl
InterlockedExchange
GetProcAddress
GetBinaryTypeA
GetTickCount
GetDiskFreeSpaceA
QueryDosDeviceA
VirtualQuery
SetFileAttributesA
GetProcessHeap
GetFullPathNameA
SetCurrentDirectoryA
TlsGetValue
GetFileType
CompareStringA
PurgeComm
GetAtomNameA

msimg32

AlphaBlend
DllInitialize

shlwapi

UrlGetPartA
PathCombineA
UrlUnescapeA
UrlGetLocationA
UrlCompareA
PathCommonPrefixA
UrlCombineA
UrlCreateFromPathA
PathCompactPathA
UrlHashA
UrlIsOpaqueA
UrlIsNoHistoryA

user32

IsCharLowerA
IsZoomed
SetFocus
DrawIcon
LoadCursorA
GetMessageA
wsprintfA
SetCursorPos
CreateWindowExA
GetWindowTextA
PostMessageA
GetCaretPos

crypt32

CryptFindOIDInfo
CertGetNameStringA
CertCompareCertificate
CertFindCRLInStore
CertDuplicateStore
CertCreateContext
CertFindExtension
CertFindChainInStore
CertOpenStore
CertFreeCRLContext
CertControlStore
CertSaveStore
CryptEnumOIDInfo
CertCloseStore
CertCreateCRLContext
CertNameToStrA
CertDeleteCRLFromStore

Sections

.text
Size: 61KB - Virtual size: 61KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 522KB - Virtual size: 521KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 10KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

f812a84a1f93b1bba884c9265ed69e83

Headers

File Characteristics

Imports

shimeng

acledit

wtsapi32

kernel32

msimg32

shlwapi

user32

crypt32

Sections

.text Size: 61KB - Virtual size: 61KB

.data Size: 3KB - Virtual size: 3KB

.rsrc Size: 522KB - Virtual size: 521KB

.reloc Size: 10KB - Virtual size: 9KB

.text
Size: 61KB - Virtual size: 61KB

.data
Size: 3KB - Virtual size: 3KB

.rsrc
Size: 522KB - Virtual size: 521KB

.reloc
Size: 10KB - Virtual size: 9KB