Static task: static1
Behavioral task: behavioral1
Sample: 27c1047be2f904c42a4f192c01032f2a_JaffaCakes118.exe
Resource: win7-20240704-en
Behavioral task: behavioral2
Sample: 27c1047be2f904c42a4f192c01032f2a_JaffaCakes118.exe
Resource: win10v2004-20240508-en
General
Target: 27c1047be2f904c42a4f192c01032f2a_JaffaCakes118
Size: 252KB
MD5: 27c1047be2f904c42a4f192c01032f2a
SHA1: 7a03517814cc9d15f6523f35435e99394f6364aa
SHA256: f92d26ef8ac27129465c574611ccc095deae558a82f48f6d3515e82025d211a8
SHA512: 1b57daccd69cf1cef328f843ce8ca9ac8fbaf8bdd9a1c1884d46b1c8e98820ec873f7236663b2f5fa5e55b4fe703368fd6ff4fe459cd4a4e3754b8e7bf6c60f5
SSDEEP: 6144:XWsZqmKLs+LB4RYHkv4J5ofbiX8ueHyko2NDIou:XTZqmZ+LBm0o8eHG2qou
Malware Config
Signatures
Unsigned PE (1 IoC): Checks for missing Authenticode signature.
resource 27c1047be2f904c42a4f192c01032f2a_JaffaCakes118
Files
27c1047be2f904c42a4f192c01032f2a_JaffaCakes118.exe windows:4 windows x86 arch:x86
dfd7311384ed68d10ffe335648b2291b
Headers
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
Imports
kernel32
FileTimeToLocalFileTime
GetThreadPriority
lstrcpynA
GetDiskFreeSpaceExA
EnumCalendarInfoW
GlobalAddAtomA
SizeofResource
GetBinaryTypeA
CopyFileExW
GetModuleHandleA
GetEnvironmentStringsW
CancelIo
WaitNamedPipeA
GetShortPathNameA
CreateEventA
GlobalFlags
InitializeCriticalSection
RaiseException
GetFileAttributesA
ReadConsoleA
CloseHandle
TlsGetValue
ConnectNamedPipe
SetConsoleCursorPosition
FillConsoleOutputCharacterA
GetThreadContext
GetTickCount
_lread
EndUpdateResourceA
SetEnvironmentVariableA
SetConsoleActiveScreenBuffer
FreeResource
PeekConsoleInputW
PulseEvent
GetSystemInfo
IsDBCSLeadByteEx
GlobalReAlloc
GetProcessHeap
GetDriveTypeW
SetProcessWorkingSetSize
FindFirstFileW
GetTimeZoneInformation
GetStartupInfoA
MoveFileExA
OutputDebugStringA
QueryDosDeviceA
GetCommandLineA
CompareStringW
GetCurrentProcess
FindFirstFileExW
GlobalDeleteAtom
SetThreadLocale
FreeLibrary
FindCloseChangeNotification
WritePrivateProfileStringA
GlobalAddAtomW
SetCurrentDirectoryA
VirtualQuery
AreFileApisANSI
GetConsoleMode
EnumCalendarInfoA
FatalAppExitA
PurgeComm
MultiByteToWideChar
ReadFileScatter
SetConsoleTitleA
EnumSystemCodePagesA
ReleaseSemaphore
lstrcmpA
GetProcessTimes
GetPrivateProfileSectionW
SetNamedPipeHandleState
VirtualAllocEx
WritePrivateProfileStringW
FormatMessageA
SetupComm
GetLogicalDriveStringsA
ExitProcess
GetTapeStatus
GetComputerNameW
LCMapStringA
DuplicateHandle
SetProcessShutdownParameters
GetCommandLineW
SetLastError
IsBadWritePtr
IsBadStringPtrA
GetTempFileNameA
GetFileInformationByHandle
OpenSemaphoreW
GetProfileStringA
GetNumberFormatW
GetTapeParameters
GetLocaleInfoW
SetMailslotInfo
_hread
OutputDebugStringW
ReadDirectoryChangesW
_lopen
OpenFile
GetVersionExA
GetOEMCP
VirtualAlloc
user32
AppendMenuW
IsCharAlphaW
FindWindowA
GetProcessWindowStation
SwitchToThisWindow
WindowFromPoint
IsDialogMessageW
RegisterHotKey
IsCharAlphaNumericA
GetKeyboardType
CreateIconIndirect
EnableScrollBar
CreateIcon
gdi32
PolyBezier
BeginPath
GetBitmapBits
ArcTo
OffsetRgn
AbortDoc
CreatePatternBrush
GetDIBits
SetPixel
SetDIBColorTable
GetTextExtentPoint32W
GetMetaFileBitsEx
GetNearestPaletteIndex
RoundRect
TextOutA
RealizePalette
advapi32
CreateServiceA
RegSetValueA
RegQueryInfoKeyA
DuplicateTokenEx
StartServiceW
GetPrivateObjectSecurity
QueryServiceConfigA
FreeSid
GetSecurityDescriptorDacl
ImpersonateSelf
GetExplicitEntriesFromAclW
BuildTrusteeWithNameW
DeleteAce
SetThreadToken
QueryServiceObjectSecurity
GetAce
ReportEventW
SetSecurityDescriptorOwner
ObjectCloseAuditAlarmW
SetPrivateObjectSecurity
ReadEventLogW
GetSidLengthRequired
SetServiceStatus
SetServiceObjectSecurity
RegEnumValueW
GetNamedSecurityInfoA
CryptGetProvParam
ClearEventLogW
CryptImportKey
RegisterEventSourceW
CreatePrivateObjectSecurity
OpenProcessToken
GetUserNameW
GetServiceKeyNameW
RegRestoreKeyA
RegConnectRegistryA
RegSetKeySecurity
AdjustTokenPrivileges
shell32
DragFinish
Shell_NotifyIconA
SHLoadInProc
SHGetPathFromIDListA
ole32
CoDisconnectObject
CoReleaseServerProcess
oleaut32
SysStringLen
LoadTypeLibEx
shlwapi
PathFileExistsW
PathIsDirectoryA
StrChrA
SHRegGetUSValueW
PathFindFileNameA
UrlApplySchemeW
PathIsFileSpecA
StrCmpLogicalW
Sections
.text Size: 8KB - Virtual size: 4KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 8KB - Virtual size: 5KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 232KB - Virtual size: 229KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE