Static task
static1
Behavioral task
behavioral1
Sample
27d0d7fae03849c689dfe17b14dc13ec_JaffaCakes118.exe
Resource
win7-20240704-en
Behavioral task
behavioral2
Sample
27d0d7fae03849c689dfe17b14dc13ec_JaffaCakes118.exe
Resource
win10v2004-20240704-en
General
Target
27d0d7fae03849c689dfe17b14dc13ec_JaffaCakes118
Size
2.0MB
MD5
27d0d7fae03849c689dfe17b14dc13ec
SHA1
b29b3aeb0d676f47f57684442c51a46352b838ce
SHA256
e0cd8dc089d8fec588f5e7cc123870a0d8b9d3544cc1f24e21d8e5af89c5adc5
SHA512
0d79cc7ab3e7ac00fe20dd18c67543b13fb22474341f45f1ca90b811beb5fbf8fee3abd8303033c773d51d0565c13ea0f9bbd49589807e771390f8653c714c30
SSDEEP
24576:sMUaWjrTQ3KuQaRhBkVaP5D9CsRHw7bKjGwc73rO2Erwl8itktzOGss2XRljSRYH:s/acrE3LQQhcax05DIDzGSRO1M+gdO7
Malware Config
Signatures
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource 27d0d7fae03849c689dfe17b14dc13ec_JaffaCakes118
Files
27d0d7fae03849c689dfe17b14dc13ec_JaffaCakes118.exe windows:4 windows x86 arch:x86
2f564fab77b567b6c7ab5c52622aa01d
Headers
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
Imports
oleaut32
SafeArrayUnaccessData
VariantCopy
SysFreeString
SafeArrayPutElement
ws2_32
WSAAsyncGetHostByName
gethostname
WSACancelAsyncRequest
WSAGetLastError
ntohl
WSAInstallServiceClassW
shutdown
kernel32
GetDriveTypeA
EnumTimeFormatsW
SetCommTimeouts
VirtualAlloc
IsBadStringPtrA
FindNextChangeNotification
ClearCommBreak
GetStringTypeExW
EnumResourceNamesW
EnumCalendarInfoA
SetEnvironmentVariableA
GlobalFindAtomA
FileTimeToLocalFileTime
PeekConsoleInputW
IsBadReadPtr
SetStdHandle
GlobalAddAtomA
LoadResource
SetConsoleActiveScreenBuffer
CreateIoCompletionPort
CancelIo
SetProcessWorkingSetSize
GetProfileIntA
GetConsoleMode
SetConsoleOutputCP
ExitProcess
WritePrivateProfileSectionA
WriteConsoleOutputCharacterA
GetLargestConsoleWindowSize
GetAtomNameA
GetOEMCP
LocalAlloc
SetCurrentDirectoryA
LocalLock
SetThreadLocale
VirtualLock
OpenMutexA
GlobalFindAtomW
GetNumberFormatW
version
GetFileVersionInfoSizeA
comctl32
ImageList_LoadImageW
ImageList_Add
ImageList_Draw
ImageList_GetIcon
user32
HideCaret
SetKeyboardState
SwapMouseButton
LoadKeyboardLayoutW
GetSystemMenu
GetKeyboardLayout
advapi32
CryptAcquireContextW
LookupPrivilegeDisplayNameA
RegisterEventSourceA
OpenEventLogW
DeleteService
CryptDeriveKey
RegQueryValueExA
CryptGenKey
NotifyBootConfigStatus
ImpersonateLoggedOnUser
RegEnumValueW
InitiateSystemShutdownW
DeleteAce
GetLengthSid
RegReplaceKeyW
CryptVerifySignatureA
FreeSid
RegEnumKeyW
AdjustTokenPrivileges
RegFlushKey
GetSidSubAuthorityCount
msvcrt
ferror
_ismbblead
_spawnv
_mbsdec
fgets
_wcsdup
fputwc
_execlp
strtoul
_wtoi64
iswascii
_wcslwr
iswalnum
wcsspn
strpbrk
_mbsnextc
toupper
islower
_lseeki64
_endthread
_getpid
_wfopen
_wcsnicmp
_exit
strtod
qsort
_mbctoupper
Sections
.text Size: 2KB - Virtual size: 219KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 3KB - Virtual size: 2KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 1.8MB - Virtual size: 1.8MB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 17KB - Virtual size: 16KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ