3789802505a6ca8f08439889690d24cb_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

3789802505a6ca8f08439889690d24cb_JaffaCakes118
Size

89KB
MD5

3789802505a6ca8f08439889690d24cb
SHA1

7692fcbb5556b7570332e32e8cc41453e92c5cb7
SHA256

c42815dfae67a290854ade2ff3b6d9f976d576f482b6517b473f26a69fb2019f
SHA512

43d917202d22fcfec0c9db71a0f2c17c545b8437baa9826e83d3de799b20860cbbeb2053caaac694881948fbf4ff798ec52108a11f0164b63abc8c35b411d719
SSDEEP

1536:MYZ4PH1DrAeQlo4i+id9/NDUI81UAcWzXvky8UPR5yg5TEZJefe4ssD3:Ji10eKoL+udujzV8UZ5v5mefeIz

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
3789802505a6ca8f08439889690d24cb_JaffaCakes118

Files

3789802505a6ca8f08439889690d24cb_JaffaCakes118
.exe windows:5 windows x86 arch:x86

be17067edd2e6e3b09108cfad48d531d

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

CreateFileA
OpenEventA
GetFileAttributesA
ExitProcess
MoveFileA
CopyFileA
SetThreadAffinityMask
DeleteFileA
GetSystemTime
GetEnvironmentStrings
FreeLibrary
WriteFile
SetLastError
TerminateProcess
HeapValidate
GetCurrentProcessId
WaitForSingleObject
CreateEventA
DeviceIoControl
SetFileAttributesA
GetSystemDirectoryA
SetCommMask
GetFileSize
BackupWrite
SetFileTime
GetTickCount
FindFirstFileA
QueryPerformanceCounter
SystemTimeToFileTime
GetDiskFreeSpaceA
LocalFileTimeToFileTime
GetExitCodeProcess
SetErrorMode
VirtualQuery
LeaveCriticalSection
SetEndOfFile
HeapAlloc
Sleep
LoadLibraryA
ExpandEnvironmentStringsA
lstrcpynA
WideCharToMultiByte
ReadFile
GetCommandLineA
SetUnhandledExceptionFilter
GetCurrentThreadId
DeleteCriticalSection
CreateProcessA
GetVersion
FindNextFileA
CloseHandle
SetFilePointer
SetEvent
HeapFree
GetProcAddress
QueryDosDeviceA
RemoveDirectoryA
GetVersionExA
DosDateTimeToFileTime
GetProcessHeap
FindClose
GetSystemTimeAsFileTime
EnterCriticalSection
GetDriveTypeA
CreateThread
MoveFileExA
GetCurrentDirectoryA

user32

EndDialog
SendDlgItemMessageA
MessageBoxA
DialogBoxParamA
LoadStringA
SendMessageA
ShowWindow
SetParent

advapi32

InitializeSecurityDescriptor
CryptGenRandom
InitiateSystemShutdownA
SetSecurityDescriptorDacl
OpenProcessToken
GetTokenInformation
AllocateAndInitializeSid
AddAccessAllowedAce
CryptAcquireContextA
InitializeAcl
GetLengthSid
CryptReleaseContext

ntdll

NtShutdownSystem
NtClose
NtAdjustPrivilegesToken
NtOpenProcessToken

shell32

SHGetPathFromIDListA
SHBrowseForFolderA

Sections

.text
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 9KB - Virtual size: 128KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.qeyaer
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ

.edata
Size: 127KB - Virtual size: 243KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

be17067edd2e6e3b09108cfad48d531d

Headers

File Characteristics

Imports

kernel32

user32

advapi32

ntdll

shell32

Sections

.text Size: 5KB - Virtual size: 5KB

.data Size: 9KB - Virtual size: 128KB

.qeyaer Size: 3KB - Virtual size: 3KB

.edata Size: 127KB - Virtual size: 243KB

.text
Size: 5KB - Virtual size: 5KB

.data
Size: 9KB - Virtual size: 128KB

.qeyaer
Size: 3KB - Virtual size: 3KB

.edata
Size: 127KB - Virtual size: 243KB