3a13d81d2b0f667be96ad9567edafe0a_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

3a13d81d2b0f667be96ad9567edafe0a_JaffaCakes118
Size

158KB
MD5

3a13d81d2b0f667be96ad9567edafe0a
SHA1

594eb5a4460651b8afe5e9b76fa7fac8d6b3a2e3
SHA256

dff0e3810ed0ee331354f6a0b096f0b8d2e410cbd51a94f1247acfcaf0761e9a
SHA512

48d4db3c13f606af61268009988426e38a4ac5b7c66176b4284d3a8b42f6a25b6cfc785ac0b5fced70b63c367c88ba06bbc2c42e94aeb1f70c1d72cee59ed47a
SSDEEP

3072:Q2Noei29qg5DVnlwAKCFt5GlO0amxPbf1v0eD:FNoeiNg5RZZQFFPeeD

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
3a13d81d2b0f667be96ad9567edafe0a_JaffaCakes118

Files

3a13d81d2b0f667be96ad9567edafe0a_JaffaCakes118
.exe windows:1 windows x86 arch:x86

d44c27199b586faa7a141b5a61561587

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

shell32

ShellExecuteW

kernel32

FindClose
DelayLoadFailureHook
Sleep
GetTickCount
GetModuleHandleA
InitializeCriticalSection
GetWindowsDirectoryA
EnterCriticalSection
lstrlenA
lstrcpyA
GetLastError
GetModuleFileNameA
lstrcatA
GetLocaleInfoA
CopyFileA
VirtualFree
lstrcatW
WriteFile
CreateFileW
GetSystemDirectoryW
VirtualAlloc
TerminateJobObject
CloseHandle
GetFileSizeEx
DuplicateHandle
GetSystemDefaultLCID
GetEnvironmentVariableW
GetSystemInfo
GetCurrentProcess
GetConsoleFontInfo
SetThreadLocale
GetDriveTypeA
GetSystemDirectoryA
lstrcpyW
CancelTimerQueueTimer
DeleteFileA
RtlCaptureContext
GetProcAddress
SetPriorityClass
CreateIoCompletionPort
LeaveCriticalSection
RemoveLocalAlternateComputerNameA
DeleteFileW
EnumLanguageGroupLocalesW
ReadFile
GetConsoleCommandHistoryW
FindFirstFileA
SetDllDirectoryW
GetEnvironmentStringsW
OpenProcess
ExpandEnvironmentStringsA
CreateSemaphoreA
FindNextFileA
WriteConsoleOutputA
CreateFileA

advapi32

EnumServicesStatusA
AdjustTokenPrivileges
RegQueryValueExA
LsaLookupSids
OpenProcessToken
RegCreateKeyA
BuildImpersonateTrusteeW
RegCloseKey
ElfOpenEventLogA
DestroyPrivateObjectSecurity
RegOpenKeyA
LookupPrivilegeValueA
RegSetValueExA
RegisterTraceGuidsW
OpenSCManagerA
CloseServiceHandle

ntdll

memset
ZwLoadDriver
strstr
RtlAnsiStringToUnicodeString
isspace
vsprintf
memcpy
strlen
NtQueryObject
_chkstk
RtlFreeUnicodeString
strncmp
RtlInitAnsiString
tolower
wcsstr
isdigit
NtQuerySystemInformation
sprintf

psapi

GetProcessImageFileNameA
EnumProcesses

ws2_32

WSAAsyncGetProtoByName
htons
bind
recvfrom
recv
connect
gethostbyname
select
send
inet_ntoa
socket
htonl
__WSAFDIsSet
closesocket
WSAStartup
WSASetBlockingHook

ole32

CoCreateGuid

user32

CreateDialogIndirectParamAorW
CharLowerW
ExitWindowsEx

Sections

.data
Size: 21KB - Virtual size: 21KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.text
Size: 512B - Virtual size: 399B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.idata
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

d44c27199b586faa7a141b5a61561587

Headers

File Characteristics

Imports

shell32

kernel32

advapi32

ntdll

psapi

ws2_32

ole32

user32

Sections

.data Size: 21KB - Virtual size: 21KB

.text Size: 512B - Virtual size: 399B

.idata Size: 3KB - Virtual size: 3KB

.data
Size: 21KB - Virtual size: 21KB

.text
Size: 512B - Virtual size: 399B

.idata
Size: 3KB - Virtual size: 3KB