Static task
static1
Behavioral task
behavioral1
Sample
096f6bf36558870a7dedff89bbd5d962_JaffaCakes118.exe
Resource
win7-20231129-en
Behavioral task
behavioral2
Sample
096f6bf36558870a7dedff89bbd5d962_JaffaCakes118.exe
Resource
win10v2004-20240611-en
General
Target
096f6bf36558870a7dedff89bbd5d962_JaffaCakes118
Size
31KB
MD5
096f6bf36558870a7dedff89bbd5d962
SHA1
2dca0d594ebc8ce3a03a7bfac561b09bb5bde9b7
SHA256
cc5056dec9fa53c26f19acdd0b245ed637ee4774147872bcaf77cbcbdce7949c
SHA512
7513bade4f68586fc20b2af5aaf7e44929a76c7da26d397d9d2943691c48cd99a02582e98d0b53d89dfc36c99c1a319e69faf6e710a39eb8aeaab852cf98c684
SSDEEP
384:v17uWEuCSms9qQ8xtlsEtext5lDWlwjOSZYFR6xKB7gSEkTa4xH1SJcar/HOG:v3E1jsAxtm/5lilwjOSZYfsEa4xHwjHd
Malware Config
Signatures
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource 096f6bf36558870a7dedff89bbd5d962_JaffaCakes118
Files
096f6bf36558870a7dedff89bbd5d962_JaffaCakes118.exe windows:5 windows x86 arch:x86
a99b1f5f3b4de3a77b01db567040a3f4
Headers
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
kernel32
GetFileSize
GetDriveTypeA
GetSystemTimeAsFileTime
SetFileTime
BackupWrite
HeapFree
TerminateProcess
RemoveDirectoryA
SetCommConfig
LoadLibraryA
CreateThread
FindFirstFileA
FindNextFileA
SetEndOfFile
DosDateTimeToFileTime
FindClose
CopyFileA
ExitProcess
lstrcpynA
SystemTimeToFileTime
EnterCriticalSection
SetUnhandledExceptionFilter
SetFileAttributesA
WaitForSingleObject
HeapAlloc
GetSystemDirectoryA
GetCommandLineA
CreateProcessA
GlobalHandle
SetThreadAffinityMask
MoveFileA
GetFileAttributesA
GetDiskFreeSpaceA
GetCurrentDirectoryA
GetVersionExA
LocalFileTimeToFileTime
SetFilePointer
CreateFileA
ExpandEnvironmentStringsA
CreateEventA
GetProcessHeap
GetCurrentProcessId
QueryDosDeviceA
OpenEventA
VirtualFree
ReadFile
CloseHandle
QueryPerformanceCounter
FreeLibrary
GetSystemTime
DeviceIoControl
MoveFileExA
WideCharToMultiByte
Sleep
DeleteCriticalSection
DeleteFileA
WriteFile
SetEvent
SetErrorMode
LeaveCriticalSection
GetProcAddress
GetExitCodeProcess
GetTickCount
GetCurrentThreadId
SetLastError
shell32
SHBrowseForFolderA
SHGetPathFromIDListA
advapi32
InitiateSystemShutdownA
SetSecurityDescriptorDacl
OpenProcessToken
GetLengthSid
CryptReleaseContext
GetTokenInformation
AddAccessAllowedAce
InitializeAcl
CryptGenRandom
InitializeSecurityDescriptor
AllocateAndInitializeSid
CryptAcquireContextA
ntdll
NtClose
NtOpenProcessToken
NtAdjustPrivilegesToken
NtShutdownSystem
user32
ShowWindow
EndDialog
SendMessageA
LoadStringA
MessageBoxA
DialogBoxParamA
SendDlgItemMessageA
SetParent
Sections
.text Size: 8KB - Virtual size: 7KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.data Size: 5KB - Virtual size: 9KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.res Size: 3KB - Virtual size: 3KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
.pdata Size: 14KB - Virtual size: 47KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ