2b6a5849bc7f782552c2f70f5d627166_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

2b6a5849bc7f782552c2f70f5d627166_JaffaCakes118
Size

573KB
MD5

2b6a5849bc7f782552c2f70f5d627166
SHA1

9414c84f74767f2439fe4ca72532f158429ba38f
SHA256

97c60b6da1e115c441cde395a475aad1e77af9adabddb13fcfea9f8ece393b84
SHA512

47ac2c1b14eba8eec6779525710c002e772d5e452b2a33318cd8e41e1a47a9b050f01dbbef102ec9ce7555a915dc1cef9aafca89c7559ae7d6875a7656ccdce3
SSDEEP

12288:7SxTKso8YGUnrtnkfeS5M2sQKyd/utmg3g+F5lCRha:75yUnrRKJcQowgw+YP

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2b6a5849bc7f782552c2f70f5d627166_JaffaCakes118

Files

2b6a5849bc7f782552c2f70f5d627166_JaffaCakes118
.exe windows:5 windows x86 arch:x86

c8f9c834de33c15b5df418af5b8a7cd6

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

crtdll

wscanf
wcsrchr
sin
localtime
isalnum
fputc
_rmtmp
_ismbblead
_finite
_fileno
_exit
_c_exit

version

VerQueryValueW
GetFileVersionInfoSizeA
GetFileVersionInfoA

rpcrt4

double_from_ndr
RpcSmClientFree
RpcServerTestCancel
RpcMgmtStatsVectorFree
RpcMgmtSetComTimeout
RpcMgmtEpEltInqDone
RpcBindingSetAuthInfoExA
MesInqProcEncodingId
DceErrorInqTextA

ntdll

ZwOpenIoCompletion
ZwDeleteAtom
RtlSetTimer
RtlSetAttributesSecurityDescriptor
RtlPrefixString
RtlNtStatusToDosError
NtSetLowWaitHighEventPair
NtLoadKey2
NtEnumerateValueKey
NtAllocateUuids
CsrFreeCaptureBuffer
RtlAddAuditAccessAce

kernel32

SetCommState
CompareFileTime
ExitProcess
FindFirstChangeNotificationW
FindFirstFileExW
FindNextChangeNotification
GetACP
GetCPInfoExW
GetCommandLineA
GetDriveTypeW
GetTapeParameters
GlobalMemoryStatus
HeapAlloc
lstrcpyA
WaitForMultipleObjectsEx
VirtualFree
VirtualAlloc
VerLanguageNameW
VerLanguageNameA
TlsSetValue
SetWaitableTimer
SetUnhandledExceptionFilter
SetThreadPriorityBoost
SetThreadLocale
SetThreadAffinityMask
SetLastError
OpenSemaphoreW
OpenMutexW
MultiByteToWideChar
LocalAlloc
LeaveCriticalSection
BeginUpdateResourceW

userenv

UnregisterGPNotification
RegisterGPNotification
LeaveCriticalPolicySection
CreateEnvironmentBlock
DestroyEnvironmentBlock
EnterCriticalPolicySection
ExpandEnvironmentStringsForUserW
FreeGPOListW
GetAppliedGPOListW
GetProfilesDirectoryW

Exports

Exports

VjxnE
atnzFXgelaqLsep
bqzvboMacmKj
cacjlWwaYFeqtazczcu
geeqOopCkZsynvjq
iYadwvvlXqgunxG
ltguyxsfvdmsyckggbk
ocRozsNDxrzh
tovpQursjdzyqctxms
trbdLxm
uirijfVGwvdlhqk
yiQhjkYbuknu

Sections

.text
Size: 35KB - Virtual size: 34KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 506KB - Virtual size: 507KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 31KB - Virtual size: 30KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

c8f9c834de33c15b5df418af5b8a7cd6

Headers

File Characteristics

Imports

crtdll

version

rpcrt4

ntdll

kernel32

userenv

Exports

Exports

Sections

.text Size: 35KB - Virtual size: 34KB

.data Size: 506KB - Virtual size: 507KB

.rsrc Size: 31KB - Virtual size: 30KB

.text
Size: 35KB - Virtual size: 34KB

.data
Size: 506KB - Virtual size: 507KB

.rsrc
Size: 31KB - Virtual size: 30KB