62c40af7d10c87c174c9d4a3426137c2_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

62c40af7d10c87c174c9d4a3426137c2_JaffaCakes118
Size

43KB
MD5

62c40af7d10c87c174c9d4a3426137c2
SHA1

6441460ba119ca0888d8cfb8ad39ae5d0b56badf
SHA256

8e92019c988f5b558736bf34c2d3f61f106a817f37687f21dbf0bb20a813b4d5
SHA512

7737f9c2edffe0877b88bec34ea304a9e48f607987660e28d90c31cc4b9f9f179c8178e3a7b6c9b4dad31d0509fd4c1ab7a9702468612583db2c50b248044033
SSDEEP

768:c0fTylIbANfiYM8fUlcVoUUzNQP+3Jn01yXp/dNGXZF4VZ:cEAN71UlcVoUUzNv3e1SpKF4V

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
62c40af7d10c87c174c9d4a3426137c2_JaffaCakes118

Files

62c40af7d10c87c174c9d4a3426137c2_JaffaCakes118
.exe windows:6 windows x86 arch:x86

6a6cf153b58681e3ace0624894412ce8

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

gpupdate.pdb

Imports

advapi32

InitiateSystemShutdownExW
AdjustTokenPrivileges
LookupPrivilegeValueW
OpenProcessToken

kernel32

lstrlenW
InterlockedExchange
InterlockedCompareExchange
SetUnhandledExceptionFilter
GetModuleHandleA
QueryPerformanceCounter
GetTickCount
GetCurrentThreadId
GetCurrentProcessId
GetSystemTimeAsFileTime
TerminateProcess
UnhandledExceptionFilter
FormatMessageW
GetLastError
WaitForMultipleObjects
CreateThread
CloseHandle
LocalFree
GetCurrentProcess
GetModuleHandleW
SetThreadUILanguage
GetConsoleOutputCP
HeapSetInformation
LocalReAlloc
LocalAlloc
Sleep

msvcrt

getwchar
towupper
_wsetlocale
_ultow
wprintf
_wcsicmp
__wgetmainargs
_vsnwprintf
_wcsnicmp
wcstol
_controlfp
_except_handler4_common
?terminate@@YAXXZ
__set_app_type
__p__fmode
__p__commode
__setusermatherr
_amsg_exit
_initterm
exit
_XcptFilter
_exit
_cexit

user32

ExitWindowsEx
LoadStringW

userenv

ForceSyncFgPolicy

ntdll

RtlLengthSid
RtlConvertSidToUnicodeString
NtQueryInformationToken
RtlCopySid

gpapi

ord115

wevtapi

EvtOpenPublisherMetadata
EvtNext
EvtFormatMessage
EvtQuery
EvtClose

Sections

.text
Size: 10KB - Virtual size: 10KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 29KB - Virtual size: 30KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

cemrvds
Size: - Virtual size: 4KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

6a6cf153b58681e3ace0624894412ce8

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

advapi32

kernel32

msvcrt

user32

userenv

ntdll

gpapi

wevtapi

Sections

.text Size: 10KB - Virtual size: 10KB

.data Size: 512B - Virtual size: 2KB

.rsrc Size: 2KB - Virtual size: 2KB

.reloc Size: 29KB - Virtual size: 30KB

cemrvds Size: - Virtual size: 4KB

.text
Size: 10KB - Virtual size: 10KB

.data
Size: 512B - Virtual size: 2KB

.rsrc
Size: 2KB - Virtual size: 2KB

.reloc
Size: 29KB - Virtual size: 30KB

cemrvds
Size: - Virtual size: 4KB