1b5acbaf6f938cce1401db85df133daa_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

1b5acbaf6f938cce1401db85df133daa_JaffaCakes118
Size

26KB
MD5

1b5acbaf6f938cce1401db85df133daa
SHA1

3b59c90c7c3c1fee95ff4a3ba9d367a22b2bddff
SHA256

99184fff4b80d52a2c7f3866593378d3a58f4e703d8d77df038f68deb0314e99
SHA512

f0a9c92af48c4d94e72754b3778a1bb7a5536aa485ee64ac6839ecd50be84e12dea1c39b90be3b89d2948984e62ad138622406c28721f730f1e17003825020ea
SSDEEP

384:PtrEHjgwjwNgQhuYUR2w55OJEkZjMJ2XApGhKDei3l+EnD7V5f:WHjgTlhuhR2w5IKwIsQuKDeiF7L

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
1b5acbaf6f938cce1401db85df133daa_JaffaCakes118

Files

1b5acbaf6f938cce1401db85df133daa_JaffaCakes118
.exe windows:4 windows x86 arch:x86

7580943791632c18116a35cbc87518df

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

TerminateProcess
LoadLibraryA
InterlockedCompareExchange
SetThreadPriority
QueryPerformanceCounter
InterlockedDecrement
GetCurrentProcess
GetProcAddress
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetLastError
LocalAlloc
VirtualFree
SetEvent
InterlockedIncrement
FreeLibrary
GetComputerNameW
GetCurrentThreadId
GetCurrentThread
CreateThread
CloseHandle
VirtualAlloc
GetCurrentProcessId
WaitForSingleObject
GetComputerNameExW
GetTickCount
GetSystemInfo
DelayLoadFailureHook
GetSystemTimeAsFileTime
CreateEventW
SetLastError
ResetEvent
LocalFree

urlmon

CoInternetCombineUrl

rpcrt4

RpcStringBindingComposeW
NdrClientCall2
RpcBindingFromStringBindingW
RpcSsDestroyClientContext
I_RpcExceptionFilter
I_RpcMapWin32Status
RpcBindingFree
RpcStringFreeW

advapi32

RegEnumKeyExW
RegOpenKeyExA
ConvertSidToStringSidW
CreateWellKnownSid
RegCloseKey
RegEnumKeyW
OpenThreadToken
RegSetValueExW
RegEnumValueW
GetLengthSid
OpenProcessToken
RegOpenKeyExW
RegDeleteValueW
RegQueryValueExA
RegCreateKeyExW
IsWellKnownSid
RegDeleteKeyW
GetTokenInformation
EqualDomainSid
RegQueryValueExW
RegQueryInfoKeyW

msvcrt

wcscpy
wcsncmp
wcsncpy
wcslen
wcscat
_adjust_fdiv
_wcsnicmp
_except_handler3
memmove
malloc
free
_initterm

ntdll

NtQueryValueKey
RtlLengthSid
RtlEnterCriticalSection
RtlInitializeCriticalSection
NtClose
NtOpenKey
RtlCopyLuid
NtQueryInformationToken
RtlGetNtProductType
RtlLengthSecurityDescriptor
RtlInitString
RtlInitUnicodeString
DbgPrint
NtAllocateLocallyUniqueId
NtAllocateVirtualMemory
RtlValidSid
RtlSubAuthorityCountSid
RtlLeaveCriticalSection
RtlDeleteCriticalSection
RtlConvertSidToUnicodeString
RtlNtStatusToDosError
RtlMakeSelfRelativeSD
RtlFreeUnicodeString
RtlSubAuthoritySid
RtlCopySid

Sections

.text
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 512B - Virtual size: 72KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 15KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 20B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

7580943791632c18116a35cbc87518df

Headers

File Characteristics

Imports

kernel32

urlmon

rpcrt4

advapi32

msvcrt

ntdll

Sections

.text Size: 4KB - Virtual size: 3KB

.rdata Size: 5KB - Virtual size: 4KB

.data Size: 512B - Virtual size: 72KB

.rsrc Size: 15KB - Virtual size: 14KB

.reloc Size: 512B - Virtual size: 20B

.text
Size: 4KB - Virtual size: 3KB

.rdata
Size: 5KB - Virtual size: 4KB

.data
Size: 512B - Virtual size: 72KB

.rsrc
Size: 15KB - Virtual size: 14KB

.reloc
Size: 512B - Virtual size: 20B