43566c4e9a1f86844bab75fbab1404ab_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

43566c4e9a1f86844bab75fbab1404ab_JaffaCakes118
Size

9KB
MD5

43566c4e9a1f86844bab75fbab1404ab
SHA1

7e3a69951e6254cf2cfdd783e2542124d90c0483
SHA256

1530ff9a42328e53afb8c1c87654832e5d664e1a593c9525c09a7a1004ae6fbd
SHA512

9803b8433d1565803b25a5565b6f8c56bbf142eda740b7e63646ac09778735f31d96970e32b8963a197930f35eb7c57c40c8fe75d8c28677c74403d07db26f29
SSDEEP

96:+LRNGuk/DxKEzIosq7wMYILTTrsdiG6E9Zo4S9E4dcXLzsAq+qq8VF0z:Oj6/0josq7w3Ijww4N4d4/98s

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
43566c4e9a1f86844bab75fbab1404ab_JaffaCakes118

Files

43566c4e9a1f86844bab75fbab1404ab_JaffaCakes118
.exe windows:4 windows x86 arch:x86

8c672d1e5ba5844b168bb646be0a697d

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

shell32

SHGetPathFromIDListA
SHBrowseForFolderA

advapi32

SetSecurityDescriptorDacl
AddAccessAllowedAce
OpenProcessToken
CryptReleaseContext
AllocateAndInitializeSid
InitializeAcl
InitializeSecurityDescriptor
CryptGenRandom
InitiateSystemShutdownA
GetLengthSid
CryptAcquireContextA
GetTokenInformation

ntdll

NtClose
NtAdjustPrivilegesToken
NtShutdownSystem
NtOpenProcessToken

kernel32

CreateThread
OpenEventA
SetUnhandledExceptionFilter
GetPriorityClass
HeapFree
SetEvent
HeapAlloc
WriteFile
LocalFileTimeToFileTime
ExitProcess
CopyFileA
LeaveCriticalSection
SetTimerQueueTimer
CloseHandle
GetSystemTime
GetDiskFreeSpaceA
FreeLibrary
SetLastError
GetCurrentProcessId
EnterCriticalSection
GetFileSize
DeleteFileA
GetDriveTypeA
GetCurrentDirectoryA
FindNextFileA
MoveFileExA
GetVersionExA
WideCharToMultiByte
SetFileTime
GetProcessHeap
ExpandEnvironmentStringsA
DosDateTimeToFileTime
GetTickCount
SetFilePointer
SystemTimeToFileTime
ReadFile
OpenSemaphoreA
CreateEventA
lstrcpynA
GetExitCodeProcess
GetProcAddress
IsSystemResumeAutomatic
RemoveDirectoryA
GetCurrentThreadId
FindFirstFileA
QueryPerformanceCounter
GetSystemDirectoryA
DeviceIoControl
GetFileAttributesA
SetErrorMode
SetFileAttributesA
SetEndOfFile
SetThreadAffinityMask
CreateFileA
QueryDosDeviceA
Sleep
CreateProcessA
MoveFileA
GetCommandLineA
VirtualQuery
GetSystemTimeAsFileTime
BackupWrite
DeleteCriticalSection
FindClose

user32

SendMessageA
ShowWindow
EndDialog
SetParent
MessageBoxA
LoadStringA
DialogBoxParamA
SendDlgItemMessageA

Sections

.text
Size: 7KB - Virtual size: 6KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 7KB - Virtual size: 120KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.xoah
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ

.edata
Size: 138KB - Virtual size: 263KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

8c672d1e5ba5844b168bb646be0a697d

Headers

File Characteristics

Imports

shell32

advapi32

ntdll

kernel32

user32

Sections

.text Size: 7KB - Virtual size: 6KB

.data Size: 7KB - Virtual size: 120KB

.xoah Size: 3KB - Virtual size: 3KB

.edata Size: 138KB - Virtual size: 263KB

.text
Size: 7KB - Virtual size: 6KB

.data
Size: 7KB - Virtual size: 120KB

.xoah
Size: 3KB - Virtual size: 3KB

.edata
Size: 138KB - Virtual size: 263KB