5bcfbc2a924ed7fac0d38d26775ce04a_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

5bcfbc2a924ed7fac0d38d26775ce04a_JaffaCakes118
Size

136KB
MD5

5bcfbc2a924ed7fac0d38d26775ce04a
SHA1

8706a7c58fe6f014510d06a0997f4e90407d131e
SHA256

911a918465ca84eb7e739b8bb8a124ab801d07e980a116722772a556d405c3c0
SHA512

4f1df60752c047ebee888df89a046ec187d216daee80f1967d34be4dd0ec17d77fa2a3b62f4e7d1fb8fb48f53d6aee6c97b8aa994d638ab0e07a8e81443d9847
SSDEEP

3072:i109piMf9egCOS8LS/gpfmw0gzbONMWvOhCudR9p9PRzRS+3J:iaiMfUiffyRvOFtRdd

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
5bcfbc2a924ed7fac0d38d26775ce04a_JaffaCakes118

Files

5bcfbc2a924ed7fac0d38d26775ce04a_JaffaCakes118
.exe windows:5 windows x86 arch:x86

4d957368e205c74ba6800af65d61436a

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

user32

SendMessageA
SetParent
EndDialog
ShowWindow
DialogBoxParamA
LoadStringA
MessageBoxA
SendDlgItemMessageA

kernel32

FindNextFileA
CreateThread
ExpandEnvironmentStringsA
GetDriveTypeA
RemoveDirectoryA
DeleteFileA
TerminateProcess
DeviceIoControl
MoveFileExA
WideCharToMultiByte
WaitForSingleObject
SetLastError
OpenEventA
GetDiskFreeSpaceA
GetCurrentDirectoryA
SetHandleContext
QueryDosDeviceA
SetEndOfFile
SystemTimeToFileTime
GetCommandLineA
GetVersion
ReadFile
GetProcessHeap
SetErrorMode
CreateEventA
CloseHandle
WriteFile
SetTimeZoneInformation
GetFileAttributesA
FindClose
CreateProcessA
HeapFree
GetTickCount
VirtualQuery
GetExitCodeProcess
DosDateTimeToFileTime
GetSystemTime
GetProcAddress
GetProcessHeap
SetFileAttributesA
CreateFileA
SetUnhandledExceptionFilter
GetSystemDirectoryA
HeapAlloc
FindFirstFileA
GetSystemTimeAsFileTime
GetCurrentProcessId
GetVersionExA
BackupWrite
SetThreadAffinityMask
FreeLibrary
LocalFileTimeToFileTime
LoadLibraryA
QueryPerformanceCounter
lstrcpynA
SetFileTime
GetFileSize
LeaveCriticalSection
EnterCriticalSection
SetFilePointer
DeleteCriticalSection
Sleep
MoveFileA
CopyFileA
ExitProcess
SetEvent
GetCurrentThreadId

ntdll

NtShutdownSystem
NtOpenProcessToken
NtAdjustPrivilegesToken
NtClose

shell32

SHBrowseForFolderA
SHGetPathFromIDListA

advapi32

InitializeAcl
GetLengthSid
AddAccessAllowedAce
GetTokenInformation
CryptReleaseContext
CryptAcquireContextA
CryptGenRandom
AllocateAndInitializeSid
SetSecurityDescriptorDacl
OpenProcessToken
InitializeSecurityDescriptor
InitiateSystemShutdownA

Sections

.text
Size: 9KB - Virtual size: 8KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 5KB - Virtual size: 122KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.ymltml
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ

.edata
Size: 129KB - Virtual size: 247KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

4d957368e205c74ba6800af65d61436a

Headers

File Characteristics

Imports

user32

kernel32

ntdll

shell32

advapi32

Sections

.text Size: 9KB - Virtual size: 8KB

.data Size: 5KB - Virtual size: 122KB

.ymltml Size: 3KB - Virtual size: 3KB

.edata Size: 129KB - Virtual size: 247KB

.text
Size: 9KB - Virtual size: 8KB

.data
Size: 5KB - Virtual size: 122KB

.ymltml
Size: 3KB - Virtual size: 3KB

.edata
Size: 129KB - Virtual size: 247KB