Static task: static1
Behavioral task: behavioral1
Sample: 4309b9a7db5e39e1382037d42a4063d8_JaffaCakes118.exe
Resource: win7-20240704-en
Behavioral task: behavioral2
Sample: 4309b9a7db5e39e1382037d42a4063d8_JaffaCakes118.exe
Resource: win10v2004-20240709-en
General
Target: 4309b9a7db5e39e1382037d42a4063d8_JaffaCakes118
Size: 160KB
MD5: 4309b9a7db5e39e1382037d42a4063d8
SHA1: 92e7d80bd2c6027eae932af0a1101fcf345ed9d5
SHA256: 055e61dfc4ae422000d4e49dc6027b0152c851fde0dc256c942e65d80a763f13
SHA512: cd30b0f897a1024912c9727ed6d2180b5e84c656844949b07e212292489d27d6a978a840fa0593267eda5648a1d9661da945eaf8b5a68c993ea91f2f3a229225
SSDEEP: 3072:7zz9BS0jXCnb+rA7pTvGCRmM+ZxwNlJ75D4+ZJqfVQ+vPDu:7zzPS0jybxTuyMML7JXZENtvPq
Malware Config
Signatures
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource 4309b9a7db5e39e1382037d42a4063d8_JaffaCakes118
Files
4309b9a7db5e39e1382037d42a4063d8_JaffaCakes118.exe windows:1 windows x86 arch:x86
f68d248d41091fd28523566313a494f6
Headers
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
Imports
shell32
ShellExecuteW
kernel32
SearchPathW
OpenJobObjectA
SystemTimeToFileTime
WriteFile
WritePrivateProfileStructW
DuplicateHandle
lstrcatA
GetTickCount
FindNextFileA
GetWindowsDirectoryA
GetFileSizeEx
GetCurrentProcess
FindFirstFileA
DeleteFileA
lstrlenA
CloseHandle
GetLastError
EnterCriticalSection
lstrcatW
ReadFile
WritePrivateProfileStructA
VirtualLock
GetTapePosition
DeleteFileW
DeleteTimerQueueTimer
OpenProcess
CreateFileA
VirtualAlloc
lstrcpyW
lstrcpyA
HeapQueryInformation
Sleep
GetProcAddress
SetHandleInformation
GetLocaleInfoA
GetSystemDirectoryW
CopyFileA
IsBadReadPtr
GlobalReAlloc
GetModuleFileNameA
GetSystemDirectoryA
GlobalMemoryStatus
CreateSemaphoreA
FindClose
CreateNlsSecurityDescriptor
LeaveCriticalSection
GetCurrentConsoleFont
CreateFileW
GetModuleHandleA
LCMapStringA
GetSystemDefaultLCID
VirtualFree
GetCalendarInfoW
GlobalFindAtomA
InitializeCriticalSection
advapi32
QueryUsersOnEncryptedFile
GetAuditedPermissionsFromAclA
RegEnumKeyExW
RegCreateKeyA
RegOpenKeyA
AdjustTokenPrivileges
OpenSCManagerA
RegCloseKey
GetTrusteeTypeA
GetTraceLoggerHandle
RegSetValueExA
CloseServiceHandle
EnumServicesStatusA
LookupPrivilegeValueA
OpenProcessToken
RegQueryValueExA
ntdll
_chkstk
RtlAnsiStringToUnicodeString
strlen
RtlInitAnsiString
sprintf
isspace
isdigit
wcsstr
memset
strstr
NtQueryObject
strncmp
NtQuerySystemInformation
RtlFreeUnicodeString
vsprintf
tolower
ZwLoadDriver
memcpy
psapi
GetProcessImageFileNameA
EnumProcesses
ws2_32
__WSAFDIsSet
WSAStartup
getnameinfo
WSCGetProviderPath
socket
WSARemoveServiceClass
select
WSASetServiceW
recv
gethostbyname
closesocket
connect
htonl
connect
send
htons
ole32
CoCreateGuid
user32
CharLowerW
ExitWindowsEx
RegisterRawInputDevices
Sections
.data Size: 21KB - Virtual size: 21KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.text Size: 512B - Virtual size: 403B
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.idata Size: 3KB - Virtual size: 2KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ