5aa7dc9797c6e985dccf6ce82d355f0d_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

5aa7dc9797c6e985dccf6ce82d355f0d_JaffaCakes118
Size

251KB
MD5

5aa7dc9797c6e985dccf6ce82d355f0d
SHA1

87e23e4635df61bdc46b1679361ea9381caa9313
SHA256

fafc0ff28205aa4e326e9904af15e92d9ef3b9ff1ba8fb7d9139b4552aa44df9
SHA512

aebccf64ca035815342cc0043e98bf849f5bf982bb278f68a2d11ad9a94408a3fbac4975711bdca12daf06a458ee3892994e1013df9a2d207606db87ebb3d943
SSDEEP

3072:+ES9nbDTU2g4sGC94zz7JWzGncye3ylei7EZovoq8URz3fRaZX6fnvry3dqRAefi:+ESpbDTUFETw2mnq8UR9yX6fvG3y7TTe

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
5aa7dc9797c6e985dccf6ce82d355f0d_JaffaCakes118

Files

5aa7dc9797c6e985dccf6ce82d355f0d_JaffaCakes118
.exe windows:4 windows x86 arch:x86

731f172583621256866c9a8daa2aa262

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

ole32

CoCreateInstance
CoUninitialize
OleRun
CoTaskMemFree
CoInitialize

kernel32

IsDebuggerPresent
GetLocalTime
GetProcessHeap
GetPrivateProfileStringW
GetFileSize
UnmapViewOfFile
FormatMessageW
WaitForMultipleObjects
OutputDebugStringA
DeleteFileW
SetUnhandledExceptionFilter
GetTempPathW
TlsFree
TlsGetValue
lstrcpyW
GetDateFormatW
LocalFree
LoadLibraryExW
WaitForSingleObject
EnterCriticalSection
GetPrivateProfileIntW
SetFilePointer
OpenProcess
LeaveCriticalSection
FindNextFileW
CreateFileMappingW
MapViewOfFile
FindFirstFileW
CreateMutexW
lstrcpynW
TlsSetValue
FindClose
GetCurrentThreadId
SetLastError
TlsAlloc
CloseHandle
GetModuleHandleW
lstrlenW
DeleteCriticalSection
OpenEventW
HeapFree
FreeLibrary
CreateFileW
ReadFile
CreateEventW
DeviceIoControl
UnhandledExceptionFilter
CreateProcessW
ResetEvent
WriteFile
CreateDirectoryW
GetSystemTimeAsFileTime
GetTimeFormatW
VirtualAllocEx

ws2_32

send
gethostbyname
bind
WSAEventSelect
htons
socket
WSAWaitForMultipleEvents
inet_addr
connect
htonl
ntohs
gethostname
WSAAccept
listen
closesocket
recv
WSAStartup
shutdown
WSACleanup
WSAGetLastError
WSASetEvent
WSACloseEvent
WSACreateEvent
WSAEnumNetworkEvents

advapi32

SetServiceStatus
SetSecurityDescriptorDacl
BuildExplicitAccessWithNameW
SetEntriesInAclW
StartServiceCtrlDispatcherW
InitializeSecurityDescriptor
SetSecurityInfo
AdjustTokenPrivileges
OpenSCManagerW
RegCloseKey
GetSecurityInfo
DeleteService
OpenProcessToken
CloseServiceHandle
QueryServiceStatus
StartServiceW
LookupAccountSidW
OpenServiceW
RegOpenKeyExW
RegisterServiceCtrlHandlerW
GetSecurityDescriptorDacl
RegQueryValueExW
RegConnectRegistryW
GetTokenInformation
ConvertStringSecurityDescriptorToSecurityDescriptorW
LookupPrivilegeValueW
CreateProcessAsUserW
CreateServiceW
ControlService
ConvertStringSidToSidW
DuplicateTokenEx
GetUserNameW
SetTokenInformation

urlmon

FindMimeFromData

user32

LoadStringW
wsprintfW

mscms

CreateProfileFromLogColorSpaceW
UnregisterCMMW
InternalGetPS2CSAFromLCS
OpenColorProfileA
InstallColorProfileW
SetColorProfileHeader

zipfldr

DllGetClassObject
RouteTheCall

Sections

.text
Size: 17KB - Virtual size: 16KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.YDee
Size: 2KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.yfOok
Size: 2KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.jRe
Size: 512B - Virtual size: 382B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.xMC
Size: 1024B - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.Qq
Size: 1KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.CrDK
Size: 512B - Virtual size: 315B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 211KB - Virtual size: 493KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.aI
Size: 1KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 9KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

731f172583621256866c9a8daa2aa262

Headers

DLL Characteristics

File Characteristics

Imports

ole32

kernel32

ws2_32

advapi32

urlmon

user32

mscms

zipfldr

Sections

.text Size: 17KB - Virtual size: 16KB

.YDee Size: 2KB - Virtual size: 3KB

.yfOok Size: 2KB - Virtual size: 3KB

.jRe Size: 512B - Virtual size: 382B

.xMC Size: 1024B - Virtual size: 1KB

.Qq Size: 1KB - Virtual size: 2KB

.rdata Size: 3KB - Virtual size: 3KB

.CrDK Size: 512B - Virtual size: 315B

.data Size: 211KB - Virtual size: 493KB

.aI Size: 1KB - Virtual size: 2KB

.rsrc Size: 9KB - Virtual size: 9KB

.text
Size: 17KB - Virtual size: 16KB

.YDee
Size: 2KB - Virtual size: 3KB

.yfOok
Size: 2KB - Virtual size: 3KB

.jRe
Size: 512B - Virtual size: 382B

.xMC
Size: 1024B - Virtual size: 1KB

.Qq
Size: 1KB - Virtual size: 2KB

.rdata
Size: 3KB - Virtual size: 3KB

.CrDK
Size: 512B - Virtual size: 315B

.data
Size: 211KB - Virtual size: 493KB

.aI
Size: 1KB - Virtual size: 2KB

.rsrc
Size: 9KB - Virtual size: 9KB