264ba1125fc6eff2ffca00a168538eda_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

264ba1125fc6eff2ffca00a168538eda_JaffaCakes118
Size

29KB
MD5

264ba1125fc6eff2ffca00a168538eda
SHA1

47d28b74768842c2718bddd2d08f8c86306b5173
SHA256

54aee781fce8f3f90fe64b3f010408d5e115e523558503e364cfcd5d95f36873
SHA512

5c765d5f7980a734c479295f334161d1561467386cc7730a9c20ed93b3bdb845492d63a7213de56b9a1d19fbbc2ea6d6dfa9935c9fbe8c418739f2f1226350f9
SSDEEP

768:OZeVHoXADGr+gv9eby8QtkAi1paZU0gg4pyru:O4HoX2Gygv90y8RpUvIyru

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
264ba1125fc6eff2ffca00a168538eda_JaffaCakes118

Files

264ba1125fc6eff2ffca00a168538eda_JaffaCakes118
.exe windows:5 windows x86 arch:x86

c147191c2b5d4cfe915f2d5cecf09f07

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

CreateProcessA
TerminateProcess
GetEnvironmentVariableA
ExitThread
CopyFileA
VirtualAllocEx
SetEnvironmentVariableA
GetModuleFileNameA
GetModuleHandleA
LoadLibraryExA
GetCurrentProcessId
WriteProcessMemory
DeleteFileA
MoveFileExA
VirtualQuery
IsBadReadPtr
GetVolumeInformationA
GetSystemWindowsDirectoryA
GetFileAttributesA
HeapValidate
GetTempPathA
GetLastError
ConnectNamedPipe
CreateNamedPipeA
SetEndOfFile
InterlockedDecrement
GetModuleFileNameW
CreateFileW
GetTempFileNameA
ExitProcess
GlobalAddAtomA
SetFileTime
GlobalFindAtomA
GetFileTime
GetVersionExA
HeapFree
CreateRemoteThread
CreateToolhelp32Snapshot
GetExitCodeThread
Process32Next
GetProcAddress
OpenProcess
VirtualFree
Process32First
FreeLibrary
HeapAlloc
ReadFile
WriteFile
SetFilePointer
GetFileSize
CreateFileA
CreateThread
CloseHandle
ReleaseMutex
VirtualProtect
CreateMutexA
GetThreadPriority
VirtualAlloc
InterlockedExchange
FlushInstructionCache
SetThreadPriority
IsBadCodePtr
Sleep
GetProcessHeap
GetCurrentThread
GetTickCount
WaitForSingleObject
GetCurrentProcess

user32

CharUpperA

winspool.drv

DeleteMonitorA
AddMonitorA

advapi32

RegCreateKeyExA
ImpersonateNamedPipeClient
ImpersonateLoggedOnUser
DuplicateTokenEx
OpenThreadToken
GetUserNameA
RegOpenKeyExA
RegSetValueExA
RegCloseKey
RegOpenKeyA
RegQueryValueExA
OpenServiceA
CloseServiceHandle
LogonUserA
CheckTokenMembership
FreeSid
RevertToSelf
OpenProcessToken
GetTokenInformation
DuplicateToken
StartServiceA
AllocateAndInitializeSid
QueryServiceStatusEx
OpenSCManagerA

ole32

CoInitializeEx
CoInitializeSecurity
CoCreateInstance

oleaut32

VariantClear
SysAllocString
SysFreeString
VariantInit

ntdll

RtlCreateUserThread
RtlPrefixUnicodeString
ZwCreateSymbolicLinkObject
wcscat
_snwprintf
wcslen
wcsstr
wcscpy
ZwSetSecurityObject
strcmp
ZwQuerySystemInformation
_snprintf
strlen
NtAllocateVirtualMemory
NtFreeVirtualMemory
strtoul
memset
strstr
strrchr
ZwYieldExecution
strcat
RtlAdjustPrivilege
strcpy
memcmp
memcpy
RtlUnwind
_chkstk
NtVdmControl

shlwapi

StrStrIA

msvcrt

rand
??1type_info@@UAE@XZ
_CxxThrowException

netapi32

NetUserGetInfo
NetApiBufferFree
NetQueryDisplayInformation

Exports

Exports

main

Sections

.text
Size: 12KB - Virtual size: 12KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 168KB - Virtual size: 168KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

c147191c2b5d4cfe915f2d5cecf09f07

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

winspool.drv

advapi32

ole32

oleaut32

ntdll

shlwapi

msvcrt

netapi32

Exports

Exports

Sections

.text Size: 12KB - Virtual size: 12KB

.rdata Size: 4KB - Virtual size: 4KB

.data Size: 8KB - Virtual size: 8KB

.rsrc Size: 168KB - Virtual size: 168KB

.text
Size: 12KB - Virtual size: 12KB

.rdata
Size: 4KB - Virtual size: 4KB

.data
Size: 8KB - Virtual size: 8KB

.rsrc
Size: 168KB - Virtual size: 168KB