Static task
static1
Behavioral task
behavioral1
Sample
084122a5cec2c1d4e4f5066f2d341dbe_JaffaCakes118.exe
Resource
win7-20240508-en
Behavioral task
behavioral2
Sample
084122a5cec2c1d4e4f5066f2d341dbe_JaffaCakes118.exe
Resource
win10v2004-20240611-en
General
Target
084122a5cec2c1d4e4f5066f2d341dbe_JaffaCakes118
Size
253KB
MD5
084122a5cec2c1d4e4f5066f2d341dbe
SHA1
79cacf1bb481ea739a62cca2224aa50802373970
SHA256
45eed86510e7ade4a9e28df6b52908bdc984b54423d7ad1f14127e3b1224cfc5
SHA512
b70e6cb7d27852d38353949794f0c942f1b3eee7827c2bdf98e3dff37d48170372c9085d96812bac4896c2ff872d4429964479aaba1db9f7953bceab864a91d9
SSDEEP
6144:MdL2FUfkoVp5wgMWVtcbNMaAZMlz14ttvS5YUGWgEPTC:87fkoNwgvtYXAZMCttvS5VGhEG
Malware Config
Signatures
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource 084122a5cec2c1d4e4f5066f2d341dbe_JaffaCakes118
Files
084122a5cec2c1d4e4f5066f2d341dbe_JaffaCakes118.exe windows:4 windows x86 arch:x86
d1a6819ac16222234bf43d969a923b06
Headers
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
Imports
kernel32
CreateSemaphoreW
WaitForMultipleObjects
GetModuleHandleW
GetVersionExW
MoveFileW
GetWindowsDirectoryW
lstrlenW
lstrcpynW
GetStartupInfoW
GetCurrentProcess
GetTimeFormatW
QueryPerformanceFrequency
GetTickCount
QueryPerformanceCounter
GetExitCodeProcess
SetErrorMode
IsBadReadPtr
RemoveDirectoryW
GetTempPathW
InitializeCriticalSection
CreateMutexW
GetCurrentProcessId
GetLocalTime
OpenEventW
LocalFree
Sleep
GetModuleFileNameW
LoadLibraryW
FreeLibrary
CreateDirectoryW
ExpandEnvironmentStringsA
GetCurrentThreadId
IsDebuggerPresent
SetUnhandledExceptionFilter
GetStartupInfoA
LoadLibraryA
GetFileAttributesW
GetVolumeInformationW
CreateEventW
GetLastError
SetEvent
GetDateFormatW
WaitForSingleObject
GetProcAddress
user32
GetForegroundWindow
wsprintfW
CharUpperW
advapi32
RegSetValueExW
InitializeSecurityDescriptor
SetSecurityDescriptorDacl
RegQueryValueExW
RegCloseKey
RegOpenKeyExW
GetSecurityDescriptorDacl
AdjustTokenPrivileges
BuildExplicitAccessWithNameW
FreeSid
SetEntriesInAclW
SetSecurityInfo
AllocateAndInitializeSid
GetSecurityInfo
LookupPrivilegeValueW
CreateProcessAsUserW
EqualSid
GetTokenInformation
GetSidSubAuthorityCount
GetUserNameW
GetSidSubAuthority
OpenProcessToken
GetSidIdentifierAuthority
LookupAccountSidW
ReportEventW
RegisterServiceCtrlHandlerW
SetServiceStatus
DeregisterEventSource
StartServiceCtrlDispatcherW
RegisterEventSourceW
QueryServiceStatus
StartServiceW
OpenServiceW
OpenSCManagerW
CloseServiceHandle
RegDeleteValueW
RegQueryValueExA
RegOpenKeyExA
RegCreateKeyExW
version
GetFileVersionInfoSizeW
GetFileVersionInfoW
VerQueryValueW
shell32
ShellExecuteW
loadperf
SetServiceAsTrustedW
UpdatePerfNameFilesA
UpdatePerfNameFilesW
wtsapi32
WTSVirtualChannelPurgeOutput
WTSSetUserConfigW
WTSWaitSystemEvent
WTSQuerySessionInformationW
WTSQueryUserConfigW
WTSEnumerateServersW
WTSUnRegisterSessionNotification
WTSSetSessionInformationA
Sections
.rdata Size: 3KB - Virtual size: 3KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.text Size: 13KB - Virtual size: 12KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.hz Size: 3KB - Virtual size: 32KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.c Size: 1024B - Virtual size: 34KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rdata Size: 3KB - Virtual size: 44KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.yv Size: 3KB - Virtual size: 244KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.edata Size: 88KB - Virtual size: 136KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.tNzK Size: 1024B - Virtual size: 31KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 7KB - Virtual size: 12KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.edata Size: 126KB - Virtual size: 194KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.rsrc Size: 2KB - Virtual size: 2KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ