Static task: static1
Behavioral task: behavioral1
  Sample: 62ad3ab0db32acb7476ea7679c5d3253_JaffaCakes118.exe
  Resource: win7-20240708-en
Behavioral task: behavioral2
  Sample: 62ad3ab0db32acb7476ea7679c5d3253_JaffaCakes118.exe
  Resource: win10v2004-20240709-en
General
Target: 62ad3ab0db32acb7476ea7679c5d3253_JaffaCakes118
Size: 158KB
MD5: 62ad3ab0db32acb7476ea7679c5d3253
SHA1: 1abffb56ac497ce730d6a8bb6f573241fcc039e0
SHA256: e30098ca2ecede3a2e928816e49e10deed1c790ce4ed2309045898f650c1b8c0
SHA512: 7da1a468c34724d0373b723b1a05ee2eebad0c6e45c5a1cf81c1ea6f7bf46ee47eecc4b5a225962c0381fbbe412c676823c84f2f848b31d0fb1eb76642cfda98
SSDEEP: 3072:9M/HC4Ovt3fTuHRjas8yBxOc6Ds/vA9JU47AOOeH+8JpPl84XpOZKE+DqkEv03E:SPDatTuHVsyLCgIvK2/nXpDtk03E
Malware Config
Signatures
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource 62ad3ab0db32acb7476ea7679c5d3253_JaffaCakes118
Files
62ad3ab0db32acb7476ea7679c5d3253_JaffaCakes118.exe windows:1 windows x86 arch:x86
915dad2f24e85fe1031b511077cd0cf6
Headers
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
Imports
shell32
ShellExecuteW
kernel32
ExpungeConsoleCommandHistoryW
CreateHardLinkW
GetModuleFileNameA
FindNextFileA
lstrcpyW
InitializeCriticalSection
GetFileSizeEx
GlobalFix
CloseHandle
lstrlenA
GetSystemDefaultLCID
DeleteFileW
lstrcatA
GetSystemDirectoryA
GetLocaleInfoA
VirtualFree
CreateFileW
GetCurrentProcess
CopyFileA
Sleep
FindFirstFileA
CreateFileA
EnterCriticalSection
CreateFileMappingA
ReadFile
GetFullPathNameA
OpenProcess
VirtualAlloc
CommConfigDialogA
SetCommConfig
GetSystemDirectoryW
GetConsoleAliasesLengthA
SetFileShortNameW
GetLastError
WriteFile
DeleteFileA
FindNextVolumeMountPointA
ReadFileScatter
SetInformationJobObject
CreateSemaphoreA
DuplicateHandle
MoveFileExW
lstrcatW
GetDefaultCommConfigW
lstrcpyA
SetConsoleCtrlHandler
GetModuleHandleExA
GetTickCount
GetFileAttributesExW
GetProcAddress
GetWindowsDirectoryA
FindClose
LeaveCriticalSection
GetModuleHandleA
EnumDateFormatsW
advapi32
OpenSCManagerA
AddUsersToEncryptedFile
RegOpenKeyA
EnumServicesStatusA
RegSetValueExA
OpenProcessToken
AdjustTokenPrivileges
RegCreateKeyA
CloseServiceHandle
LsaQueryTrustedDomainInfoByName
SetEntriesInAccessListW
RegCloseKey
LookupPrivilegeValueA
RegSaveKeyExA
ReportEventW
RegQueryValueExA
ntdll
wcsstr
NtQuerySystemInformation
NtQueryObject
isspace
ZwLoadDriver
_chkstk
vsprintf
strstr
isdigit
RtlAnsiStringToUnicodeString
memcpy
strncmp
RtlFreeUnicodeString
tolower
sprintf
memset
strlen
RtlInitAnsiString
psapi
GetProcessImageFileNameA
EnumProcesses
ws2_32
gethostbyname
freeaddrinfo
htons
WSAAsyncSelect
htonl
connect
select
closesocket
send
socket
recv
__WSAFDIsSet
WSANSPIoctl
getservbyname
WSAStartup
WSADuplicateSocketW
ole32
CoCreateGuid
user32
GetKeyboardLayoutNameA
ExitWindowsEx
CharLowerW
Sections
.data Size: 20KB - Virtual size: 20KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.text Size: 512B - Virtual size: 405B
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.idata Size: 3KB - Virtual size: 2KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ