4489e7bdc124e6686c6369af8b86c4f8_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

4489e7bdc124e6686c6369af8b86c4f8_JaffaCakes118
Size

59KB
MD5

4489e7bdc124e6686c6369af8b86c4f8
SHA1

bb73ccfe386fafe99f12728b8d710c235db29e3f
SHA256

22f625ad48c010edfed8d890df39abb5cc33c17b657bed69489176b2ee822109
SHA512

50de94f2dae4dd65b1c8a756baeda1a50fe7eda3e17b22cc96e28dee63bbea9701ba5c710764708711cd7fa5af1919ace1a6f81b91cc198f6ed257870c4f3b03
SSDEEP

1536:Lgd4YKxHDAjylTrzVnReV/e33dl1q7zBhprwm8sbDM:LUf46ylvzxomHdWxOcDM

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
4489e7bdc124e6686c6369af8b86c4f8_JaffaCakes118

Files

4489e7bdc124e6686c6369af8b86c4f8_JaffaCakes118
.exe windows:4 windows x86 arch:x86

1a77a0881321c37c8e4e4ca7aebf9112

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

BackupSeek
SetTimeZoneInformation
SetVolumeLabelA
IsBadReadPtr
InterlockedCompareExchange
SetCommTimeouts
SetEvent
lstrlen
GetProcessVersion
WriteProcessMemory
_lclose
GetStringTypeExA
CreateFiber
PeekNamedPipe
GetNumberOfConsoleMouseButtons
VirtualProtectEx
GetModuleFileNameA
FoldStringA
GlobalAddAtomA
DisconnectNamedPipe
_hread
FreeConsole
CallNamedPipeA
IsProcessorFeaturePresent
WinExec
GetProfileStringA
SystemTimeToTzSpecificLocalTime
ResumeThread
GetCPInfoExA
GetCurrentDirectoryA
GetNamedPipeHandleStateA
GetTickCount
ReadConsoleA
DeleteAtom
Module32First
SetLocalTime
GetWindowsDirectoryA
GetTapeStatus
GetLogicalDriveStringsA
GetDriveTypeA
Beep
CloseHandle
WaitForMultipleObjects
SwitchToFiber
GetConsoleTitleA
LoadLibraryA
HeapWalk
SetEnvironmentVariableA
GetShortPathNameA
FindNextChangeNotification
Heap32ListNext
BuildCommDCBA
CompareStringA
GetUserDefaultLangID
PrepareTape
LocalShrink
EnumDateFormatsA
GetConsoleOutputCP
InterlockedIncrement
SetTapeParameters
lstrcpy

shlwapi

StrCSpnA
SHRegWriteUSValueA
HashData
PathMakePrettyA
StrFormatByteSize64A
PathRemoveBlanksA
StrToIntExA
StrChrIA
ColorHLSToRGB
PathIsUNCA
UrlIsOpaqueA
PathSearchAndQualifyA
StrIsIntlEqualA
SHRegOpenUSKeyA
PathStripToRootA
SHRegEnumUSKeyA
SHDeleteValueA
PathQuoteSpacesA
PathFileExistsA
UrlCombineA
PathIsRelativeA
SHAutoComplete
PathGetDriveNumberA
UrlGetLocationA
PathIsFileSpecA
SHIsLowMemoryMachine
PathCommonPrefixA
SHCreateStreamWrapper
SHRegCreateUSKeyA

advapi32

GetSecurityDescriptorControl

Sections

.jox
Size: 22KB - Virtual size: 45KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.qtwf
Size: 5KB - Virtual size: 10KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.opgd
Size: 1024B - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.bypkb
Size: 27KB - Virtual size: 132KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 2KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

1a77a0881321c37c8e4e4ca7aebf9112

Headers

File Characteristics

Imports

kernel32

shlwapi

advapi32

Sections

.jox Size: 22KB - Virtual size: 45KB

.qtwf Size: 5KB - Virtual size: 10KB

.opgd Size: 1024B - Virtual size: 1KB

.bypkb Size: 27KB - Virtual size: 132KB

.rsrc Size: 2KB - Virtual size: 4KB

.jox
Size: 22KB - Virtual size: 45KB

.qtwf
Size: 5KB - Virtual size: 10KB

.opgd
Size: 1024B - Virtual size: 1KB

.bypkb
Size: 27KB - Virtual size: 132KB

.rsrc
Size: 2KB - Virtual size: 4KB