2194d78da0f26c52ee77e9e040f14c11_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

2194d78da0f26c52ee77e9e040f14c11_JaffaCakes118
Size

256KB
MD5

2194d78da0f26c52ee77e9e040f14c11
SHA1

5efce20283c1e8b1b0dc6ff3d33b91077c1448d5
SHA256

7461d791dd21c0fc65db0ba7df1b6cda5695c5644257087557e1ae20727447aa
SHA512

d3d6df4598aaf9b4c5bf39b2837a88bb4a471ec07264812928125494af477a9e446921d2daa9ebc8f141e9e9fead77e0b34f2bbcf57bcf8ec9a5d264adf588d9
SSDEEP

6144:bsjNDE8z902dozzXU4fHnGX7NqjuXakJwajTSa1EMmK/:WNDE8Z02eXNfmX78Kacwaj7Ek

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2194d78da0f26c52ee77e9e040f14c11_JaffaCakes118

Files

2194d78da0f26c52ee77e9e040f14c11_JaffaCakes118
.exe windows:4 windows x86 arch:x86

f21825dcaf78f6f6ac2fa013d0f4de8c

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

wsock32

gethostname
shutdown
WSAGetLastError
gethostbyname
connect
WSASetLastError
getservbyport
gethostbyaddr
getservbyname
inet_addr
ioctlsocket
closesocket
WSAStartup
WSACleanup
htonl
htons
bind
listen
ntohs

ws2_32

WSAAccept
WSASend
WSACloseEvent
WSACreateEvent
WSARecv

version

GetFileVersionInfoSizeW
GetFileVersionInfoW
VerQueryValueW

userenv

CreateEnvironmentBlock
LoadUserProfileW
DestroyEnvironmentBlock

psapi

GetModuleBaseNameW

kernel32

GetTickCount
QueryPerformanceCounter
IsDebuggerPresent
SetUnhandledExceptionFilter
GetStartupInfoA
GetLastError
lstrcpynW
lstrlenA
FreeLibrary
LoadLibraryW
lstrcmpW
lstrcpynA
lstrlenW
GetVersionExW
CreateEventW
OpenEventW
Sleep
SetEvent
WaitForSingleObject
GetCurrentThreadId
InitializeCriticalSection
GetTimeFormatW
GetDateFormatW
GetLocalTime
SystemTimeToFileTime
GlobalAlloc
ExpandEnvironmentStringsW
lstrcpyA
lstrcatA
WaitForMultipleObjects
GetExitCodeProcess
GetCurrentProcess
LocalFree
GetStartupInfoW
lstrcatW
GetModuleFileNameW
CreateMutexW
OpenMutexW
GetCurrentProcessId
lstrcmpiW
LoadLibraryA
GetSystemDirectoryA
lstrcmpiA
GetModuleHandleW
RemoveDirectoryW
CreateDirectoryW
lstrcpyW
GetProcAddress

user32

WaitForInputIdle
wsprintfW

advapi32

DuplicateTokenEx
ImpersonateLoggedOnUser
SetThreadToken
RevertToSelf
InitializeSecurityDescriptor
SetSecurityDescriptorDacl
OpenSCManagerW
OpenServiceW
QueryServiceStatus
RegConnectRegistryW
RegOpenKeyExW
RegCloseKey
RegQueryValueExW
StartServiceCtrlDispatcherW
RegisterServiceCtrlHandlerW
SetServiceStatus
GetSecurityInfo
GetSecurityDescriptorDacl
BuildExplicitAccessWithNameW
SetEntriesInAclW
SetSecurityInfo
CreateProcessAsUserW
LookupPrivilegeValueW
OpenProcessToken
StartServiceW
CloseServiceHandle
AdjustTokenPrivileges
GetUserNameW

shell32

SHGetFolderPathW

scecli

SceStartTransaction
SceSetupUpdateSecurityKey
SceSvcConvertTextToSD
SceConfigureConvertedFileSecurity
DllRegisterServer
SceSetupUpdateSecurityService
SceSysPrep
SceProcessSecurityPolicyGPOEx
SceNotifyPolicyDelta
SceCommitTransaction
SceGetAreas

qdv

DllUnregisterServer
DllRegisterServer
DllCanUnloadNow

Sections

CODE
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.HZegg
Size: 4KB - Virtual size: 286KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.text
Size: 12KB - Virtual size: 12KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.gSmIMr
Size: 512B - Virtual size: 28KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.lp
Size: 2KB - Virtual size: 251KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rdata
Size: 3KB - Virtual size: 36KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.C
Size: 1KB - Virtual size: 298KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.edata
Size: 102KB - Virtual size: 132KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 6KB - Virtual size: 296KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.COf
Size: 3KB - Virtual size: 358KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.edata
Size: 108KB - Virtual size: 113KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.DuNtD
Size: 1024B - Virtual size: 145KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.vNOO
Size: 3KB - Virtual size: 723KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

f21825dcaf78f6f6ac2fa013d0f4de8c

Headers

File Characteristics

Imports

wsock32

ws2_32

version

userenv

psapi

kernel32

user32

advapi32

shell32

scecli

qdv

Sections

CODE Size: 3KB - Virtual size: 2KB

.HZegg Size: 4KB - Virtual size: 286KB

.text Size: 12KB - Virtual size: 12KB

.gSmIMr Size: 512B - Virtual size: 28KB

.lp Size: 2KB - Virtual size: 251KB

.rdata Size: 3KB - Virtual size: 36KB

.C Size: 1KB - Virtual size: 298KB

.edata Size: 102KB - Virtual size: 132KB

.data Size: 6KB - Virtual size: 296KB

.COf Size: 3KB - Virtual size: 358KB

.edata Size: 108KB - Virtual size: 113KB

.DuNtD Size: 1024B - Virtual size: 145KB

.vNOO Size: 3KB - Virtual size: 723KB

.rsrc Size: 3KB - Virtual size: 2KB

CODE
Size: 3KB - Virtual size: 2KB

.HZegg
Size: 4KB - Virtual size: 286KB

.text
Size: 12KB - Virtual size: 12KB

.gSmIMr
Size: 512B - Virtual size: 28KB

.lp
Size: 2KB - Virtual size: 251KB

.rdata
Size: 3KB - Virtual size: 36KB

.C
Size: 1KB - Virtual size: 298KB

.edata
Size: 102KB - Virtual size: 132KB

.data
Size: 6KB - Virtual size: 296KB

.COf
Size: 3KB - Virtual size: 358KB

.edata
Size: 108KB - Virtual size: 113KB

.DuNtD
Size: 1024B - Virtual size: 145KB

.vNOO
Size: 3KB - Virtual size: 723KB

.rsrc
Size: 3KB - Virtual size: 2KB