092e0b000b03fd4a4bc3f847ed7a0d0d_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

092e0b000b03fd4a4bc3f847ed7a0d0d_JaffaCakes118
Size

97KB
MD5

092e0b000b03fd4a4bc3f847ed7a0d0d
SHA1

23303906b7187c0a9100a751de3eeb3ebeab4e6d
SHA256

489bdd81af85ac9e219f9347aa4ab64a43eb75158e023d8d71df207683258407
SHA512

26c01b7261c98a4169d77027ee8803048241563aa9b7fa0b5ad74f8c83d6e2f55b20c892230294337cb9f6528f65dd3ae9f4988690466d3465d36f20bee9e03f
SSDEEP

1536:AI/Z+i5KVJplhS0ehPPkgYlcC2m0CYZ6BqChH:T55KVJpihXLYlcChzYZ6owH

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
092e0b000b03fd4a4bc3f847ed7a0d0d_JaffaCakes118

Files

092e0b000b03fd4a4bc3f847ed7a0d0d_JaffaCakes118
.exe windows:4 windows x86 arch:x86

b41200d7aabd69c3b3640e570d3898da

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetVersionExA
lstrcmpiA
SetFileAttributesA
GetFileAttributesA
GetLastError
FindNextFileA
GetUserDefaultLCID
lstrlenA
UnmapViewOfFile
ExitProcess
CloseHandle
GetModuleHandleA
GetCurrentProcess
DeleteFileA
GetModuleFileNameA
lstrcpyA
CreateFileA
GetPrivateProfileStringA
lstrcmpA
GetWindowsDirectoryA
GetSystemDirectoryA
FindFirstFileA
GetStartupInfoA
GetStdHandle
GetFileType
GetLocaleInfoW
SetStdHandle
SetFilePointer
FlushFileBuffers
GetLocaleInfoA
LoadLibraryA
GetProcAddress
VirtualAlloc
GetStringTypeW
GetStringTypeA
LCMapStringW
LCMapStringA
lstrcatA
GetCommandLineA
GetVersion
InterlockedDecrement
InterlockedIncrement
TerminateProcess
UnhandledExceptionFilter
FreeEnvironmentStringsA
MultiByteToWideChar
FreeEnvironmentStringsW
GetEnvironmentStrings
GetEnvironmentStringsW
WideCharToMultiByte
GetCPInfo
GetACP
GetOEMCP
SetHandleCount
LeaveCriticalSection
HeapDestroy
DeleteCriticalSection
GetCurrentThreadId
TlsSetValue
TlsAlloc
SetLastError
TlsGetValue
WriteFile
HeapCreate
VirtualFree
RtlUnwind
HeapFree
HeapAlloc
InitializeCriticalSection
EnterCriticalSection

user32

MessageBoxA
LoadStringA
ExitWindowsEx

winspool.drv

DeletePrinter
EnumPrinterDriversA
ClosePrinter
EnumPrintersA
OpenPrinterA
DeletePrinterConnectionA
GetPrinterDriverDirectoryA
DeletePrinterDriverA

advapi32

RegSetValueExA
RegCloseKey
RegDeleteValueA
RegQueryValueExA
RegOpenKeyExA
RegDeleteKeyA
AdjustTokenPrivileges
LookupPrivilegeValueA
OpenProcessToken

setupapi

SetupDiGetClassDevsA
SetupDiEnumDeviceInfo
SetupDiGetDeviceRegistryPropertyA
SetupDiCallClassInstaller
SetupDiDestroyDeviceInfoList
SetupOpenInfFileA
SetupGetLineCountA
SetupGetLineTextA
SetupGetLineByIndexA
SetupCloseInfFile

Sections

.text
Size: 32KB - Virtual size: 31KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 8KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 16KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.WYCao
Size: 36KB - Virtual size: 34KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

b41200d7aabd69c3b3640e570d3898da

Headers

File Characteristics

Imports

kernel32

user32

winspool.drv

advapi32

setupapi

Sections

.text Size: 32KB - Virtual size: 31KB

.rdata Size: 8KB - Virtual size: 5KB

.data Size: 16KB - Virtual size: 20KB

.WYCao Size: 36KB - Virtual size: 34KB

.text
Size: 32KB - Virtual size: 31KB

.rdata
Size: 8KB - Virtual size: 5KB

.data
Size: 16KB - Virtual size: 20KB

.WYCao
Size: 36KB - Virtual size: 34KB