Static task
static1
Behavioral task
behavioral1
Sample
2a763c3f57611940af9b59aaa24a73fb_JaffaCakes118.exe
Resource
win7-20240705-en
Behavioral task
behavioral2
Sample
2a763c3f57611940af9b59aaa24a73fb_JaffaCakes118.exe
Resource
win10v2004-20240704-en
General
Target
2a763c3f57611940af9b59aaa24a73fb_JaffaCakes118
Size
344KB
MD5
2a763c3f57611940af9b59aaa24a73fb
SHA1
2fbc134c0afd9d8cf2f92a15bc42193304b8f5af
SHA256
44ea342dc20b95e6266e4992d7d7054fed0f4f7e935ead7057698982f9be3778
SHA512
31060d98855a2dbfb7129e14efcebd962ad53c631653c2a0c7488e42fd57f461e9445c91d5b3ac6de804fd04d42cd5f04bd574b22245478098306c499efe977c
SSDEEP
6144:2+wDYvpf+nNsKmuDZR+V2zDAN/y3U0dxwBPkExbx3YJ39kY278Dbr:RSYvgGKmKRhXAdgtdxjExK3CY08
Malware Config
Signatures
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource 2a763c3f57611940af9b59aaa24a73fb_JaffaCakes118
Files
2a763c3f57611940af9b59aaa24a73fb_JaffaCakes118.exe windows:4 windows x86 arch:x86
31facc0b2160e77d76d3b5f8aa64ec71
Headers
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
Imports
kernel32
CreateMailslotA
WriteConsoleInputA
EnumTimeFormatsW
MoveFileExA
QueueUserAPC
IsDebuggerPresent
AreFileApisANSI
SystemTimeToTzSpecificLocalTime
FormatMessageA
UnmapViewOfFile
EndUpdateResourceA
GetTapeParameters
CallNamedPipeW
SetUnhandledExceptionFilter
HeapCreate
PeekConsoleInputA
lstrcmpA
FindFirstChangeNotificationW
VirtualAllocEx
HeapFree
LCMapStringA
ExitProcess
VirtualQuery
CreateFiber
QueryDosDeviceA
GetComputerNameW
SetFileAttributesW
GlobalAddAtomA
GetTimeFormatA
MulDiv
GetStringTypeA
GetProcAddress
FlushConsoleInputBuffer
GetSystemDirectoryA
InterlockedCompareExchange
SetConsoleScreenBufferSize
LCMapStringW
GetStringTypeExA
SetConsoleWindowInfo
GetPrivateProfileStringW
FreeResource
FindClose
IsBadWritePtr
IsProcessorFeaturePresent
HeapDestroy
HeapAlloc
DisconnectNamedPipe
SetConsoleCursorPosition
GetCommandLineA
GetVersionExA
VirtualProtect
ReadFile
user32
TranslateMessage
gdi32
CreatePen
GetTextCharacterExtra
GetPixelFormat
SelectObject
GetSystemPaletteEntries
SetMapMode
SetWinMetaFileBits
GetBrushOrgEx
advapi32
StartServiceCtrlDispatcherA
OpenThreadToken
OpenSCManagerA
AccessCheckAndAuditAlarmW
CreateServiceW
GetSecurityDescriptorControl
SetEntriesInAclA
QueryServiceStatus
LockServiceDatabase
ImpersonateLoggedOnUser
SetPrivateObjectSecurity
RegSetKeySecurity
LookupPrivilegeValueA
RegDeleteValueW
SetSecurityDescriptorGroup
RegSetValueExW
CryptGetProvParam
CryptReleaseContext
SetNamedSecurityInfoW
CreateProcessAsUserW
InitializeAcl
CryptVerifySignatureW
SetTokenInformation
EqualSid
LookupAccountSidW
SetSecurityInfo
OpenProcessToken
ImpersonateSelf
ReportEventW
BuildSecurityDescriptorW
shell32
ShellAboutA
SHFileOperationA
ExtractAssociatedIconW
ole32
OleSetContainedObject
oleaut32
VariantClear
SafeArrayGetElement
DispGetIDsOfNames
VariantInit
SafeArrayGetLBound
SafeArrayRedim
SysAllocString
CreateErrorInfo
SysFreeString
shlwapi
SHGetValueW
setupapi
SetupDiCreateDeviceInfoA
SetupGetLineTextA
SetupGetBinaryField
SetupFindFirstLineW
SetupDiOpenDeviceInterfaceW
SetupGetLineCountA
SetupDiGetDeviceInstallParamsW
SetupInitDefaultQueueCallback
SetupDiCreateDeviceInfoW
SetupGetIntField
Sections
.text Size: 296KB - Virtual size: 293KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 4KB - Virtual size: 3KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 40KB - Virtual size: 37KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE