221627bdef731a9c162f3698edf47a1d_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

221627bdef731a9c162f3698edf47a1d_JaffaCakes118
Size

72KB
MD5

221627bdef731a9c162f3698edf47a1d
SHA1

757b4568e3b5d48ba6d0f03bcce02aa995a82cf3
SHA256

55007df6e22c4bfc87c337de418dc8ac8e200e1159987690ac4f2ac612d3e5b6
SHA512

305ca9269bda9cb3245ebd601e4b69b8d65e73ff67974055dfb3676c4dc1e7115c27e0d3be118c0086a75df05f6241e82811cedba8e6285af6d9d8ed50b56ea7
SSDEEP

768:kL3NnjKkTW+wk+In1SrULl2Xjib/KUXeR5d6jKspOFiEpz6jRdB:k5jKSWHkbn1KUETwWRs+z6jrB

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
221627bdef731a9c162f3698edf47a1d_JaffaCakes118

Files

221627bdef731a9c162f3698edf47a1d_JaffaCakes118
.exe windows:4 windows x86 arch:x86

abefc8cd2a9f8cd6265df5cd351ecb73

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

userenv

CreateEnvironmentBlock
DestroyEnvironmentBlock
UnloadUserProfile

kernel32

LocalFree
GetCurrentProcessId
GetExitCodeProcess
IsBadCodePtr
IsBadReadPtr
GetEnvironmentStringsW
GetCPInfo
GetOEMCP
GetStringTypeW
GetStringTypeA
TlsAlloc
SetUnhandledExceptionFilter
QueryPerformanceCounter
IsBadWritePtr
CreateMutexA
LoadLibraryA
GetCurrentThreadId
GetTickCount
lstrcatA
lstrcpyA
GetCurrentThread
GetCurrentProcess
FindResourceA
LoadResource
GetModuleFileNameA
lstrcpynA
CreateEventA
WaitForSingleObject
GetModuleHandleA
FreeLibrary
SetEvent
Sleep
lstrcmpiA
lstrlenA
GetLastError
InitializeCriticalSection
RaiseException
lstrlenW
MultiByteToWideChar
GetVersionExA
GetThreadLocale
GetLocaleInfoA
GetACP
HeapCreate
GetStartupInfoA
ExitProcess
GetSystemInfo
GetProcessHeap
GetProcAddress

user32

CharUpperA
MessageBoxA
GetMessageA
CharNextA
GetSystemMetrics

advapi32

RegCreateKeyExA
ImpersonateLoggedOnUser
CreateProcessAsUserW
CreateProcessAsUserA
DuplicateTokenEx
SetTokenInformation
RegOpenKeyExW
RegQueryValueExW
RevertToSelf
RegOpenKeyA
ConvertSidToStringSidA
LookupPrivilegeValueA
AdjustTokenPrivileges
StartServiceCtrlDispatcherA
RegisterServiceCtrlHandlerExA
ControlService
DeleteService
CreateServiceA
OpenThreadToken
OpenProcessToken
SetServiceStatus
RegisterEventSourceA
ReportEventA
DeregisterEventSource
OpenSCManagerA
OpenServiceA
CloseServiceHandle
ChangeServiceConfigA
GetTokenInformation
SetSecurityDescriptorGroup
SetSecurityDescriptorOwner
IsValidSid
GetLengthSid
CopySid
RegQueryValueExA
RegEnumKeyExA
InitializeSecurityDescriptor
GetSidLengthRequired
InitializeAcl
InitializeSid
GetSidSubAuthority
AddAccessAllowedAce
SetSecurityDescriptorDacl
IsValidSecurityDescriptor
RegQueryInfoKeyA
RegSetValueExA
RegOpenKeyExA
RegCloseKey
RegDeleteValueA
RegDeleteKeyA

ole32

CoCreateInstance
CoUninitialize
CoInitialize
CoInitializeEx

oleaut32

LoadTypeLi
SysStringLen
VariantInit
VariantClear
SysAllocString
UnRegisterTypeLi
RegisterTypeLi
LoadRegTypeLi
SysFreeString
VarUI4FromStr

shlwapi

PathFindExtensionA

scecli

SceGetDbTime
SceGetAreas
SceCopyBaseProfile
SceSvcSetInformationTemplate
SceSvcSetInfo
SceProcessSecurityPolicyGPO
SceSvcFree
SceRegisterRegValues
SceSetupBackupSecurity
SceOpenPolicy
SceUpdateObjectInfo
SceCloseProfile
SceDcPromoCreateGPOsInSysvolEx
SceSetupUpdateSecurityService
SceStartTransaction

vssapi

IsVolumeSnapshotted

Sections

CODE
Size: 6KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.Qp
Size: 3KB - Virtual size: 96KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.text
Size: 11KB - Virtual size: 11KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.wUCQG
Size: 5KB - Virtual size: 436KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.edata
Size: 7KB - Virtual size: 57KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.FoI
Size: 3KB - Virtual size: 732KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 7KB - Virtual size: 376KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.zy
Size: 2KB - Virtual size: 283KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.edata
Size: 12KB - Virtual size: 56KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.wnJwyn
Size: 3KB - Virtual size: 297KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rhFYjE
Size: 5KB - Virtual size: 1.1MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

abefc8cd2a9f8cd6265df5cd351ecb73

Headers

File Characteristics

Imports

userenv

kernel32

user32

advapi32

ole32

oleaut32

shlwapi

scecli

vssapi

Sections

CODE Size: 6KB - Virtual size: 5KB

.Qp Size: 3KB - Virtual size: 96KB

.text Size: 11KB - Virtual size: 11KB

.rdata Size: 4KB - Virtual size: 6KB

.wUCQG Size: 5KB - Virtual size: 436KB

.edata Size: 7KB - Virtual size: 57KB

.FoI Size: 3KB - Virtual size: 732KB

.data Size: 7KB - Virtual size: 376KB

.zy Size: 2KB - Virtual size: 283KB

.edata Size: 12KB - Virtual size: 56KB

.wnJwyn Size: 3KB - Virtual size: 297KB

.rhFYjE Size: 5KB - Virtual size: 1.1MB

.rsrc Size: 2KB - Virtual size: 1KB

CODE
Size: 6KB - Virtual size: 5KB

.Qp
Size: 3KB - Virtual size: 96KB

.text
Size: 11KB - Virtual size: 11KB

.rdata
Size: 4KB - Virtual size: 6KB

.wUCQG
Size: 5KB - Virtual size: 436KB

.edata
Size: 7KB - Virtual size: 57KB

.FoI
Size: 3KB - Virtual size: 732KB

.data
Size: 7KB - Virtual size: 376KB

.zy
Size: 2KB - Virtual size: 283KB

.edata
Size: 12KB - Virtual size: 56KB

.wnJwyn
Size: 3KB - Virtual size: 297KB

.rhFYjE
Size: 5KB - Virtual size: 1.1MB

.rsrc
Size: 2KB - Virtual size: 1KB