1b15edabbea22a293adc5c4a7c3e05d3_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

1b15edabbea22a293adc5c4a7c3e05d3_JaffaCakes118
Size

252KB
MD5

1b15edabbea22a293adc5c4a7c3e05d3
SHA1

b92919f47039eb38038e2474b463c24e6bc3289f
SHA256

71d508635b0dbff9a41f2ba88277d97c49364aaba40beea2f7954b6f1bc5353e
SHA512

2035b5ac5a14446178988585dff7521b240752ef6282c8d7012c81ea5edf347cf0d4ab4335962cc470ba1ea8d08c18d1399f162723bf0875afb42e75d644f2b3
SSDEEP

6144:c1rwii7st1Y+S6pYQCR+gs74dVGwG+oISthMZzLkV:cT+sH4wgsLMFkV

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
1b15edabbea22a293adc5c4a7c3e05d3_JaffaCakes118

Files

1b15edabbea22a293adc5c4a7c3e05d3_JaffaCakes118
.exe windows:4 windows x86 arch:x86

729e2b8cebe03557fa750328914aa7f2

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

version

GetFileVersionInfoW
VerQueryValueW
GetFileVersionInfoSizeW

ws2_32

WSACleanup
inet_ntoa
gethostbyname
gethostname
WSAStartup

kernel32

GetProcessHeap
RaiseException
CreateMutexW
CreateDirectoryW
RemoveDirectoryW
SetErrorMode
GetExitCodeThread
MoveFileW
GetSystemTime
GetCurrentThreadId
IsDebuggerPresent
SetUnhandledExceptionFilter
GetSystemDirectoryW
FileTimeToSystemTime
GlobalAlloc
lstrlenW
lstrcmpiW
DosDateTimeToFileTime
ExpandEnvironmentStringsA
WaitForSingleObject
CreateEventW
LoadResource
FindResourceW
FreeLibrary
LocalFree
lstrlenA
OpenEventW
SystemTimeToFileTime
GetLocalTime
GetModuleHandleW
GetTempPathW
lstrcmpW
GetProcAddress

user32

GetForegroundWindow
MessageBoxW

advapi32

SetSecurityDescriptorDacl
InitializeSecurityDescriptor
RegCloseKey
RegQueryValueExW
RegOpenKeyExW
AdjustTokenPrivileges
LookupPrivilegeValueW
RegSetValueExW
RegCreateKeyExW
RegDeleteValueW
CreateProcessAsUserW
SetSecurityInfo
SetEntriesInAclW
BuildExplicitAccessWithNameW
GetSecurityDescriptorDacl
GetSecurityInfo
DuplicateTokenEx
RegQueryValueExA
RegOpenKeyExA
DeregisterEventSource
ReportEventW
RegisterEventSourceW
GetTokenInformation
OpenProcessToken
ControlService
QueryServiceStatus
CloseServiceHandle
OpenServiceW
OpenSCManagerW
StartServiceW
QueryServiceConfigW
ImpersonateLoggedOnUser
RevertToSelf
SetThreadToken
LookupAccountSidW
GetUserNameW

shell32

ShellExecuteW

shlwapi

PathGetDriveNumberW

quartz

AMGetErrorTextA
DllUnregisterServer
DBToAmpFactor
AMGetErrorTextW
DllRegisterServer
AmpFactorToDB
DllCanUnloadNow

dsauth

StoreSetSearchSubTree
StoreInitHandle

Sections

.text
Size: 13KB - Virtual size: 12KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.o
Size: 1KB - Virtual size: 69KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rdata
Size: 3KB - Virtual size: 21KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.NCfFn
Size: 5KB - Virtual size: 558KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.HFHP
Size: 81KB - Virtual size: 169KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.G
Size: 1KB - Virtual size: 47KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.ReMw
Size: 2KB - Virtual size: 122KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 6KB - Virtual size: 160KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.BmRgDG
Size: 135KB - Virtual size: 196KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

729e2b8cebe03557fa750328914aa7f2

Headers

File Characteristics

Imports

version

ws2_32

kernel32

user32

advapi32

shell32

shlwapi

quartz

dsauth

Sections

.text Size: 13KB - Virtual size: 12KB

.o Size: 1KB - Virtual size: 69KB

.rdata Size: 3KB - Virtual size: 21KB

.NCfFn Size: 5KB - Virtual size: 558KB

.HFHP Size: 81KB - Virtual size: 169KB

.G Size: 1KB - Virtual size: 47KB

.ReMw Size: 2KB - Virtual size: 122KB

.data Size: 6KB - Virtual size: 160KB

.BmRgDG Size: 135KB - Virtual size: 196KB

.rsrc Size: 2KB - Virtual size: 2KB

.text
Size: 13KB - Virtual size: 12KB

.o
Size: 1KB - Virtual size: 69KB

.rdata
Size: 3KB - Virtual size: 21KB

.NCfFn
Size: 5KB - Virtual size: 558KB

.HFHP
Size: 81KB - Virtual size: 169KB

.G
Size: 1KB - Virtual size: 47KB

.ReMw
Size: 2KB - Virtual size: 122KB

.data
Size: 6KB - Virtual size: 160KB

.BmRgDG
Size: 135KB - Virtual size: 196KB

.rsrc
Size: 2KB - Virtual size: 2KB