61af6578e3bac7dda628b1dfe25223bf_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

61af6578e3bac7dda628b1dfe25223bf_JaffaCakes118
Size

212KB
MD5

61af6578e3bac7dda628b1dfe25223bf
SHA1

cf3790322796bcf0f32c310f048219fdd84314a3
SHA256

8990bc29ef8ff80411d8c83b9d1d363a3de78bf088f0626ff2ac08b42c52920e
SHA512

8268e4c8a4d893bd8899dd58ff86c7ca460d5728f531c9ef8fa512272295cf642f87e457c032bbedd8b38744f9c77fe71688b5bc8aa2b6759c909c7e1055482d
SSDEEP

3072:7K7OKsY6g2sCwfImxYG2FRCHEr7iL65oI7/jOD2iu36721r7vTAQbnO7Eg0/+aQJ:7K6KLlVdH8iLTIrjF6y1HN/RQihlgv0

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
61af6578e3bac7dda628b1dfe25223bf_JaffaCakes118

Files

61af6578e3bac7dda628b1dfe25223bf_JaffaCakes118
.exe windows:4 windows x86 arch:x86

18f0bde34fa18c51c1231d9c2ef63c69

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

Sleep
GetConsoleTitleA
SetConsoleTextAttribute
CloseHandle
DeviceIoControl
CreateFileA
GetVolumeInformationA
GetDriveTypeA
GetProcAddress
LoadLibraryA
QueryDosDeviceA
GetVolumeNameForVolumeMountPointA
FindVolumeClose
FindNextVolumeA
FindVolumeMountPointClose
FindNextVolumeMountPointA
FindFirstVolumeMountPointA
FindFirstVolumeA
FlushFileBuffers
CopyFileA
GetTempPathA
SetErrorMode
WideCharToMultiByte
lstrlenW
DuplicateHandle
OpenProcess
Process32Next
Process32First
CreateToolhelp32Snapshot
GetCurrentProcessId
GetTickCount
GetExitCodeThread
WaitForSingleObject
CreateThread
GetVolumePathNameA
GetVersionExA
LocalFree
FormatMessageA
FlushConsoleInputBuffer
CreateProcessA
WriteFile
RtlUnwind
HeapAlloc
HeapFree
GetModuleHandleA
GetCommandLineA
VirtualProtect
VirtualAlloc
GetSystemInfo
VirtualQuery
LCMapStringA
MultiByteToWideChar
LCMapStringW
GetACP
GetOEMCP
GetCPInfo
HeapDestroy
HeapCreate
VirtualFree
HeapReAlloc
IsBadWritePtr
ExitProcess
UnhandledExceptionFilter
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
SetHandleCount
GetFileType
GetStartupInfoA
SetFilePointer
SetUnhandledExceptionFilter
IsBadReadPtr
IsBadCodePtr
GetLocaleInfoA
GetStringTypeA
GetStringTypeW
SetStdHandle
ReadConsoleInputA
GetModuleFileNameA
SetConsoleCtrlHandler
GetStdHandle
SetConsoleMode
GetLastError
GetConsoleScreenBufferInfo

user32

GetWindowThreadProcessId
IsWindowVisible
GetWindow
GetDesktopWindow

advapi32

CloseServiceHandle
OpenServiceA
OpenSCManagerA
StartServiceA
ControlService
QueryServiceStatus

setupapi

SetupDiGetClassDevsA
CM_Query_And_Remove_SubTreeW
CM_Get_DevNode_Registry_PropertyA
CM_Get_DevNode_Status
SetupDiDestroyDeviceInfoList
CM_Get_Parent
SetupDiGetDeviceRegistryPropertyA
SetupDiGetDeviceInterfaceDetailA
SetupDiEnumDeviceInterfaces
CM_Request_Device_EjectW
CM_Get_Device_IDA

shell32

ShellExecuteA

Sections

.text
Size: 40KB - Virtual size: 37KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 8KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

PACK
Size: 144KB - Virtual size: 380KB

IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

18f0bde34fa18c51c1231d9c2ef63c69

Headers

File Characteristics

Imports

kernel32

user32

advapi32

setupapi

shell32

Sections

.text Size: 40KB - Virtual size: 37KB

.rdata Size: 8KB - Virtual size: 5KB

.data Size: 8KB - Virtual size: 12KB

.rsrc Size: 8KB - Virtual size: 8KB

PACK Size: 144KB - Virtual size: 380KB

.text
Size: 40KB - Virtual size: 37KB

.rdata
Size: 8KB - Virtual size: 5KB

.data
Size: 8KB - Virtual size: 12KB

.rsrc
Size: 8KB - Virtual size: 8KB

PACK
Size: 144KB - Virtual size: 380KB