620bb38ef1f14e9adb2a93975c9f36fe_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

620bb38ef1f14e9adb2a93975c9f36fe_JaffaCakes118
Size

269KB
MD5

620bb38ef1f14e9adb2a93975c9f36fe
SHA1

bb922ed69124c2049edf0391593192b83911039a
SHA256

617633815a344f4afaef9e3a076619199c08dd1d742a781418d1cfe1c9715f58
SHA512

902ffe8e2fc802c79f2f512aa67007cf3729c0050a0cee7d1dc1e85b9e058957ef54a2e55ddc8fe248f55c4c224553ea1412dd9e3cd8bee9f1dae31893bf0aa1
SSDEEP

3072:cR5OU5qPMDmQ863j2pazXXDy+zdVtZ8XqnXUwdqUT/oz6IE7q91ATpvxbb49gKFA:q5zCemQ8mieDNVRxF0ojxvRK4ImV

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
620bb38ef1f14e9adb2a93975c9f36fe_JaffaCakes118

Files

620bb38ef1f14e9adb2a93975c9f36fe_JaffaCakes118
.exe windows:4 windows x86 arch:x86

0e40a707a6de349571fec82acf8836d4

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

ntdll

RtlUnwind
NtQueryInformationFile

kernel32

GetProcAddress
GetFileSize
CreateFileA
GetTempPathA
GetSystemTime
LoadLibraryExW
GetFileTime
GetFileAttributesW
CreateThread
GetCurrentThreadId
IsDBCSLeadByte
ExitThread
RaiseException
GetModuleHandleA
TlsSetValue
GetCommandLineA
GetVersion
ExitProcess
TerminateProcess
HeapReAlloc
HeapAlloc
HeapSize
HeapFree
GetStartupInfoA
TlsFree
SetLastError
TlsGetValue
GetCurrentThread
UnhandledExceptionFilter
FatalAppExitA
TlsAlloc
Sleep
WideCharToMultiByte
EnterCriticalSection
GetQueuedCompletionStatus
GetModuleFileNameA
FreeEnvironmentStringsA
FreeEnvironmentStringsW
GetEnvironmentStrings
GetEnvironmentStringsW
SetHandleCount
GetStdHandle
GetFileType
GetEnvironmentVariableA
GetVersionExA
HeapDestroy
HeapCreate
VirtualFree
VirtualAlloc
SetUnhandledExceptionFilter
CloseHandle
WaitForMultipleObjects
GetCPInfo
IsValidLocale
IsValidCodePage
GetLocaleInfoA
EnumSystemLocalesA
GetUserDefaultLCID
GetStringTypeA
GetStringTypeW
GetACP
GetOEMCP
LeaveCriticalSection
SetConsoleCtrlHandler
GetTimeZoneInformation
GetLocaleInfoW
CompareStringA
CompareStringW
SetEnvironmentVariableA
WriteFile
DeleteCriticalSection
InterlockedCompareExchange
InterlockedIncrement
InitializeCriticalSection
InterlockedExchange
PostQueuedCompletionStatus
FreeLibrary
SetEvent
GetCurrentProcess
SetProcessWorkingSetSize
GetCommandLineW
GetModuleHandleW
MultiByteToWideChar
GetModuleFileNameW
CreateIoCompletionPort
GetOverlappedResult
GetLastError
WaitForSingleObject
ResetEvent
DeviceIoControl
LCMapStringW
LCMapStringA
CreateEventW
SetEndOfFile
GetFileAttributesA
SetFilePointer
SetFileAttributesA
OutputDebugStringW
IsBadStringPtrW
lstrlenA
lstrlenW
IsBadStringPtrA
CreateMutexW
ReleaseMutex
PulseEvent
CreateSemaphoreW
ReleaseSemaphore
GetTickCount
LocalFree
lstrcmpA
LocalAlloc
GetVersionExW
LoadLibraryW
GetSystemInfo
GetDriveTypeW
CreateDirectoryW
RemoveDirectoryW
SetCurrentDirectoryW
GetWindowsDirectoryW
GetCurrentDirectoryW
FindNextFileW
DeleteFileW
SetFileAttributesW
FindClose
FindFirstFileW
SetStdHandle
FlushFileBuffers
CreateFileW
ReadFile
InterlockedDecrement
IsBadCodePtr
IsBadWritePtr
IsBadReadPtr
LoadLibraryA

user32

CharPrevW
DispatchMessageW
TranslateMessage
MsgWaitForMultipleObjects
PeekMessageW
LoadStringW
GetDlgItemTextW
CharNextA

advapi32

RegQueryValueExA
RegDeleteKeyW
RegLoadKeyW
RegCloseKey
RegQueryValueExW
RegOpenKeyExW
RegCreateKeyExW
RegFlushKey
RegSetValueExW
RegQueryInfoKeyW
RegEnumKeyExW
RegEnumValueW
RegDeleteValueW
AdjustTokenPrivileges
LookupPrivilegeValueW
OpenProcessToken
GetTokenInformation
RegisterEventSourceW
ReportEventW
DeregisterEventSource
RegisterServiceCtrlHandlerW
SetServiceStatus
StartServiceCtrlDispatcherW
OpenSCManagerW
OpenServiceW
StartServiceW
CloseServiceHandle
CreateServiceW
DeleteService
RegSaveKeyW
RegRestoreKeyW
RegOpenKeyA
RegUnLoadKeyW

shell32

CommandLineToArgvW

savrt32

ord27
ord29
ord28
ord26

version

GetFileVersionInfoSizeW
GetFileVersionInfoW
VerQueryValueW

Sections

.text
Size: 140KB - Virtual size: 136KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 24KB - Virtual size: 21KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 16KB - Virtual size: 22KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.nrdata
Size: 76KB - Virtual size: 76KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

0e40a707a6de349571fec82acf8836d4

Headers

File Characteristics

Imports

ntdll

kernel32

user32

advapi32

shell32

savrt32

version

Sections

.text Size: 140KB - Virtual size: 136KB

.rdata Size: 24KB - Virtual size: 21KB

.data Size: 16KB - Virtual size: 22KB

.rsrc Size: 4KB - Virtual size: 1KB

.nrdata Size: 76KB - Virtual size: 76KB

.text
Size: 140KB - Virtual size: 136KB

.rdata
Size: 24KB - Virtual size: 21KB

.data
Size: 16KB - Virtual size: 22KB

.rsrc
Size: 4KB - Virtual size: 1KB

.nrdata
Size: 76KB - Virtual size: 76KB