033a5233d40c6334820aeb1f24ed3fcf_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

033a5233d40c6334820aeb1f24ed3fcf_JaffaCakes118
Size

483KB
MD5

033a5233d40c6334820aeb1f24ed3fcf
SHA1

327a64edb8b4b464de08148a0e98b22fa22b7b5c
SHA256

0ebc49821041579d18dae841e1ad1ca3b59b4504af3f175494b9d917d5a9a12d
SHA512

b8aa3e0c068cc4c14a647cafbb1e4c29309eb502f3861dfb760f52941137ce47f6ae0b38841890e2507df8bc0a9fa66b21306a2ede3ddb516bde71e86ef2ff5f
SSDEEP

12288:umD2GHkoYpX9t8wEVndIcXT7VePOM+g9zlXm30jB6:umKgkoIX9t8wEVdIMVePOMtFCS6

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
033a5233d40c6334820aeb1f24ed3fcf_JaffaCakes118

Files

033a5233d40c6334820aeb1f24ed3fcf_JaffaCakes118
.exe windows:4 windows x86 arch:x86

cc213b24a4017f3b3e1288498a134a6d

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

advapi32

LookupPrivilegeNameA
RegEnumValueA
LogonUserA
RegOpenKeyExW
CryptGetHashParam
DuplicateTokenEx
InitiateSystemShutdownW
RegEnumKeyExW
LookupPrivilegeValueA
RegLoadKeyW
RegQueryValueA
CryptReleaseContext
CryptGetDefaultProviderW
CryptGenKey
RegDeleteKeyW
CreateServiceW
CryptEnumProviderTypesA
LookupAccountNameA
CryptDeriveKey
RegLoadKeyA
RegEnumKeyExA
RegConnectRegistryW
RegFlushKey
RegDeleteValueA

kernel32

GetStringTypeW
GetSystemTimeAsFileTime
TlsAlloc
InitializeCriticalSection
HeapDestroy
LCMapStringA
VirtualFree
GetACP
GetCurrentProcess
InterlockedExchange
LoadLibraryA
GetCurrentProcessId
SetStdHandle
GetTickCount
VirtualAlloc
FlushFileBuffers
SetHandleCount
MultiByteToWideChar
GetSystemTime
GetEnvironmentStrings
ReadFile
SetFilePointer
GetStdHandle
GetStartupInfoA
FreeEnvironmentStringsA
InterlockedIncrement
GetLocalTime
EnterCriticalSection
LCMapStringW
CompareStringA
GetProcAddress
DeleteCriticalSection
GetModuleHandleA
TlsSetValue
HeapFree
GetOEMCP
GetTimeZoneInformation
GetFileType
GetCurrentThreadId
GetModuleFileNameA
GetCPInfo
IsBadWritePtr
CompareStringW
GetNamedPipeHandleStateW
CloseHandle
GetLastError
WriteFile
TlsFree
UnhandledExceptionFilter
RtlUnwind
WideCharToMultiByte
ExitProcess
SetEnvironmentVariableA
GetVersion
GetEnvironmentStringsW
LeaveCriticalSection
TlsGetValue
GetCurrentThread
FreeEnvironmentStringsW
VirtualQuery
QueryPerformanceCounter
OpenMutexA
GetStringTypeA
GetCommandLineA
HeapReAlloc
HeapAlloc
SetLastError
HeapCreate
TerminateProcess
CreateMutexA
InterlockedDecrement

comctl32

InitCommonControlsEx

user32

SetMenu
RegisterClassExA
GetMenuItemInfoA
LoadCursorA
SetClassWord
CharUpperBuffW
RegisterClassA

shell32

FreeIconList
RealShellExecuteA
SHInvokePrinterCommandW

Sections

.text
Size: 153KB - Virtual size: 153KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 312KB - Virtual size: 312KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 12KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

cc213b24a4017f3b3e1288498a134a6d

Headers

File Characteristics

Imports

advapi32

kernel32

comctl32

user32

shell32

Sections

.text Size: 153KB - Virtual size: 153KB

.rdata Size: 4KB - Virtual size: 16KB

.data Size: 312KB - Virtual size: 312KB

.rsrc Size: 12KB - Virtual size: 11KB

.text
Size: 153KB - Virtual size: 153KB

.rdata
Size: 4KB - Virtual size: 16KB

.data
Size: 312KB - Virtual size: 312KB

.rsrc
Size: 12KB - Virtual size: 11KB