Static task: static1
Behavioral task: behavioral1
Sample: 3c8b50b6bc4e39c3f69a22df513daa95_JaffaCakes118.exe
Resource: win7-20240708-en
Behavioral task: behavioral2
Sample: 3c8b50b6bc4e39c3f69a22df513daa95_JaffaCakes118.exe
Resource: win10v2004-20240709-en
General
Target: 3c8b50b6bc4e39c3f69a22df513daa95_JaffaCakes118
Size: 154KB
MD5: 3c8b50b6bc4e39c3f69a22df513daa95
SHA1: 031f1b1132fa48efadef88357ae714ff8a9e4d27
SHA256: 9a9ab41830ec3f02c41ed9b058806edb4ac2deef3446015599d9c15ff899262a
SHA512: f2c8c090e6999c01b11ea8ac2d96e8ff9585e11cb5983b8ddf9747c03dfa2e03e937a4298d93bceaa3e3b817f3e17cf48c59b82145f98e7cf02fed75fe6271dd
SSDEEP: 3072:pRclDQUwAogUprwTKxKcS9Q1uW2WDbsZbq4gDSi+lZxegGjxveXWiP8vtnjGkNPs:PL1aW8KxBz15DbsZbq4I9+ljyAFkBj4z
Malware Config
Signatures
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource 3c8b50b6bc4e39c3f69a22df513daa95_JaffaCakes118
Files
3c8b50b6bc4e39c3f69a22df513daa95_JaffaCakes118.exe windows:5 windows x86 arch:x86
a83f85551d1c0f8e49a6853149227720
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
iphlpapi
NotifyAddrChange
version
VerFindFileW
VerFindFileA
user32
UnregisterDeviceNotification
RegisterDeviceNotificationW
MessageBoxW
MessageBeep
ntdll
wcsncpy
RtlRegisterWait
RtlDeregisterWait
RtlCreateSecurityDescriptor
RtlSetGroupSecurityDescriptor
NtQueryInformationToken
RtlAcquireResourceShared
RtlSetDaclSecurityDescriptor
RtlAdjustPrivilege
RtlOemStringToUnicodeString
RtlInitializeResource
NtAccessCheckAndAuditAlarm
RtlCreateAcl
wcsncmp
wcscpy
DbgPrint
_strnicmp
NtClose
RtlLengthSid
NtOpenThreadToken
RtlFreeUnicodeString
RtlNtStatusToDosError
RtlInitAnsiString
RtlAcquireResourceExclusive
strncpy
wcscmp
RtlUnicodeStringToOemString
wcsstr
NtOpenProcessToken
RtlInitializeCriticalSection
RtlUnwind
RtlCopySid
RtlFreeOemString
RtlAddAce
RtlReleaseResource
RtlNewSecurityObject
NtQueryVirtualMemory
RtlSetSaclSecurityDescriptor
_itoa
RtlInitUnicodeString
RtlSetOwnerSecurityDescriptor
wcslen
rpcrt4
RpcImpersonateClient
RpcRevertToSelf
NdrServerCall2
ws2_32
WSAGetLastError
netapi32
NetWkstaUserEnum
Netbios
NetApiBufferFree
kernel32
WideCharToMultiByte
QueryPerformanceCounter
TerminateThread
TerminateProcess
DeleteCriticalSection
UnhandledExceptionFilter
SetEvent
MultiByteToWideChar
GetLocalTime
WaitForSingleObject
LocalFree
LoadLibraryExW
InterlockedExchange
FreeLibrary
LoadLibraryW
VirtualAlloc
Sleep
GetCurrentProcess
CreateEventW
LeaveCriticalSection
WriteFile
CloseHandle
CreateMailslotA
GetLastError
GetTickCount
FormatMessageA
LocalAlloc
GetCurrentProcessId
GetComputerNameW
GetDateFormatW
GetTimeFormatW
DisableThreadLibraryCalls
ReadFile
FormatMessageW
GetSystemTimeAsFileTime
GetCurrentThreadId
GetOverlappedResult
GetProcAddress
SetUnhandledExceptionFilter
CreateFileA
CreateThread
advapi32
CloseServiceHandle
OpenSCManagerW
OpenServiceW
QueryServiceConfigW
QueryServiceStatus
SetServiceStatus
RegisterServiceCtrlHandlerExW
Sections
.text Size: 512B - Virtual size: 388B
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 104KB - Virtual size: 103KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 512B - Virtual size: 28B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
.data Size: 29KB - Virtual size: 736KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 15KB - Virtual size: 14KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.idata Size: 3KB - Virtual size: 3KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE