6616ae82d8a5e4afda3f1fa95319881d_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

6616ae82d8a5e4afda3f1fa95319881d_JaffaCakes118
Size

389KB
MD5

6616ae82d8a5e4afda3f1fa95319881d
SHA1

c064e6e20834f964e73cf83f3602d4731c369496
SHA256

b83c8ac8ec9d5f33e4870132dc8c21050a4dfa67b69889dbf25b26ca4c9abb78
SHA512

31c90b1f6805a9e41feea2cac26f0ef983faefa15ebb8928cce1c6b1323e27e1283c2481da813e0a7a74e532a358c423330866890497ad03a1d21f7e594a3858
SSDEEP

12288:6h+vhldUvXPoA3q1Jj4xpjbZK4hT/eM6I:M2h0vXfojGjPTj6I

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
6616ae82d8a5e4afda3f1fa95319881d_JaffaCakes118

Files

6616ae82d8a5e4afda3f1fa95319881d_JaffaCakes118
.exe windows:4 windows x86 arch:x86

2290c45c11abd0e779d9ee8c4733a132

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetCurrentThread
CreateEventA
lstrlenW
Sleep
VirtualFree
VirtualAlloc
GetExitCodeProcess
InterlockedExchange
InterlockedCompareExchange
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
FreeLibrary
lstrcpyW
CreateThread
SetErrorMode
SetLastError
CreateFileW
lstrcpynW
WriteFile
ResetEvent
GetOverlappedResult
CancelIo
DisableThreadLibraryCalls
GetSystemTimeAsFileTime
GetCurrentProcessId
GetCurrentThreadId
QueryPerformanceCounter
GetModuleHandleA
SetEvent
GetTickCount
lstrcmpiW
LeaveCriticalSection
EnterCriticalSection
InitializeCriticalSection
DeleteCriticalSection
LoadLibraryW
GetProcAddress
VirtualProtect
WaitForSingleObject
CreateEventW
WaitForMultipleObjects
GetLastError
CloseHandle
LocalAlloc
LocalFree
GlobalAlloc
GlobalFree
lstrcmpW
GetStartupInfoA

user32

wsprintfW
LoadStringW
CharNextW
CharPrevW

advapi32

GetLengthSid
RegSetValueExW
SetThreadToken
OpenThreadToken
SetSecurityDescriptorGroup
SetSecurityDescriptorOwner
SetSecurityDescriptorDacl
InitializeSecurityDescriptor
AddAccessAllowedAce
InitializeAcl
GetSidSubAuthority
InitializeSid
CreateProcessAsUserW
RegQueryValueExW
DuplicateTokenEx
GetSidLengthRequired
CheckTokenMembership
RegOpenKeyExW
RegCloseKey

msvcrt

memset
wcschr
_wcsicmp
wcsstr
_wcslwr
wcsrchr
tolower
free
_initterm
_amsg_exit
_adjust_fdiv
_strupr
wcslen
_wcsnicmp
__dllonexit
_onexit
_exit
_XcptFilter
exit
_acmdln
__getmainargs
__setusermatherr
__p__commode
__p__fmode
__set_app_type
_controlfp
memcpy
??3@YAXPAX@Z
??2@YAPAXI@Z
_except_handler3
time
__CxxFrameHandler
_vsnprintf

msvcp60

?cout@std@@3V?$basic_ostream@DU?$char_traits@D@std@@@1@A
??6std@@YAAAV?$basic_ostream@DU?$char_traits@D@std@@@0@AAV10@PBD@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@I@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@H@Z
??1_Winit@std@@QAE@XZ
??0_Winit@std@@QAE@XZ
??1Init@ios_base@std@@QAE@XZ
??0Init@ios_base@std@@QAE@XZ
?endl@std@@YAAAV?$basic_ostream@DU?$char_traits@D@std@@@1@AAV21@@Z

Sections

.text
Size: 32KB - Virtual size: 32KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 351KB - Virtual size: 701KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

2290c45c11abd0e779d9ee8c4733a132

Headers

File Characteristics

Imports

kernel32

user32

advapi32

msvcrt

msvcp60

Sections

.text Size: 32KB - Virtual size: 32KB

.rdata Size: 3KB - Virtual size: 3KB

.data Size: 351KB - Virtual size: 701KB

.rsrc Size: 1KB - Virtual size: 1KB

.text
Size: 32KB - Virtual size: 32KB

.rdata
Size: 3KB - Virtual size: 3KB

.data
Size: 351KB - Virtual size: 701KB

.rsrc
Size: 1KB - Virtual size: 1KB