5afda2047781d7e14c4e67e0f41faf3a_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

5afda2047781d7e14c4e67e0f41faf3a_JaffaCakes118
Size

159KB
MD5

5afda2047781d7e14c4e67e0f41faf3a
SHA1

8d4527c9d51692613836f48e4a7717dda737d3a7
SHA256

e0636a27c853de2c7798f5ef5f359cae35da365f16ac7da396b028c96282d840
SHA512

d29fbbe40ede6e1c1d024ba867bc9977dbfe9f2c9bab309cf93caa6075d5b426b447194900f5f8a473aa3fe559975439253ef5985ec5853afdc20ec3dd1a157d
SSDEEP

3072:1km89y3nPX4J211ITLrZJzHno5Yb17nl562EEJGblIfOn3c2kKZHq:em89MPGFdHQknl1Ep5IfOMlGHq

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
5afda2047781d7e14c4e67e0f41faf3a_JaffaCakes118

Files

5afda2047781d7e14c4e67e0f41faf3a_JaffaCakes118
.exe windows:1 windows x86 arch:x86

ad3555c4d7d024354c071a23d56a7728

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

shell32

ShellExecuteW

kernel32

GetModuleFileNameA
CreateFileW
DeleteFileW
FindNextFileA
ReadFile
GetSystemDefaultLCID
GetTickCount
CloseHandle
GetSystemDirectoryW
lstrcpyW
CreateSemaphoreA
FindVolumeMountPointClose
VirtualAlloc
lstrcatW
FindClose
EnterCriticalSection
WriteFile
WriteConsoleOutputW
GetFileSizeEx
VirtualFree
GetModuleHandleA
CopyFileA
DuplicateHandle
OpenProcess
lstrlenA
LeaveCriticalSection
GetLastError
InterlockedIncrement
SetConsoleKeyShortcuts
WritePrivateProfileStringW
DebugBreakProcess
GetCurrentProcess
GetStartupInfoA
WaitForSingleObjectEx
GetPrivateProfileStructA
GetWindowsDirectoryA
SetConsoleNumberOfCommandsA
OpenJobObjectA
GetConsoleFontInfo
GetCPInfoExW
lstrcatA
GlobalUnlock
SetSystemTimeAdjustment
DeleteFileA
lstrcpyA
CreateFileA
FindFirstFileA
GetProcAddress
GetSystemDirectoryA
TerminateJobObject
lstrcpy
GetLocaleInfoA
GetPrivateProfileStructW
InitializeCriticalSection
Sleep

advapi32

RegDeleteKeyW
LookupPrivilegeValueA
OpenSCManagerA
RegSetValueExA
OpenEncryptedFileRawW
CloseServiceHandle
OpenEventLogW
RegOpenKeyA
AdjustTokenPrivileges
QueryServiceStatusEx
RegCreateKeyA
RegQueryValueExA
OpenProcessToken
EnumServicesStatusA
LockServiceDatabase
RegCloseKey

ntdll

strlen
isspace
NtQuerySystemInformation
RtlAnsiStringToUnicodeString
strncmp
strstr
RtlInitAnsiString
ZwLoadDriver
wcsstr
RtlFreeUnicodeString
vsprintf
sprintf
tolower
_chkstk
NtQueryObject
memcpy
isdigit
memset

psapi

EnumProcesses
GetProcessImageFileNameA

ws2_32

WSAEnumNameSpaceProvidersW
FreeAddrInfoW
htonl
send
htons
accept
connect
socket
__WSAFDIsSet
closesocket
gethostbyname
WSCEnableNSProvider
WSAGetServiceClassNameByClassIdW
WSAStartup
recv
select

ole32

CoCreateGuid

user32

ExitWindowsEx
SetWindowLongA
CharLowerW

Sections

.data
Size: 20KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.text
Size: 512B - Virtual size: 394B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.idata
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

ad3555c4d7d024354c071a23d56a7728

Headers

File Characteristics

Imports

shell32

kernel32

advapi32

ntdll

psapi

ws2_32

ole32

user32

Sections

.data Size: 20KB - Virtual size: 20KB

.text Size: 512B - Virtual size: 394B

.idata Size: 3KB - Virtual size: 2KB

.data
Size: 20KB - Virtual size: 20KB

.text
Size: 512B - Virtual size: 394B

.idata
Size: 3KB - Virtual size: 2KB