Static task: static1
Behavioral task: behavioral1
  Sample: 683056958b58ca8502075556fc82589e_JaffaCakes118.exe
  Resource: win7-20240704-en
Behavioral task: behavioral2
  Sample: 683056958b58ca8502075556fc82589e_JaffaCakes118.exe
  Resource: win10v2004-20240709-en
General
Target: 683056958b58ca8502075556fc82589e_JaffaCakes118
Size: 63KB
MD5: 683056958b58ca8502075556fc82589e
SHA1: 347697352eadebd8f8040ec1f46eab4bc4b429ea
SHA256: 2f4fc290a1b7ac8b02f83b25b1ea760f1b4ae4f18526151efa84d2799aa41d84
SHA512: fa2bfe83c1081f13eabc6eb299a9a065826f91336a7ed46850eb877bd99b0935ea2412522e66b60482a5252b8b4d242e86c87e1920fb296d0bf2697e8880d97e
SSDEEP: 768:rBwTBXmzIE1TeK7qcXE9BRR3sAjaM4UnxgFbs5WOGfVUnDB/ZJxi9rrsAg:rESscwRR3bjaM4CyAwOGfVepU9g
Malware Config
Signatures
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource 683056958b58ca8502075556fc82589e_JaffaCakes118
Files
683056958b58ca8502075556fc82589e_JaffaCakes118.exe windows:4 windows x86 arch:x86
8c3e188ea775f38d2c8de127a307dd0f
Headers
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
rpcrt4
RpcServerRegisterAuthInfoA
UuidToStringA
UuidFromStringA
NdrServerCall2
NdrClientCall2
RpcBindingFree
RpcStringBindingComposeA
RpcBindingFromStringBindingA
RpcMgmtIsServerListening
RpcStringFreeA
RpcServerUseProtseqEpA
RpcServerRegisterIf
RpcMgmtStopServerListening
RpcServerUnregisterIf
RpcServerListen
UuidCreate
kernel32
CreateDirectoryW
SystemTimeToFileTime
WaitForSingleObject
GetVersionExA
CreateMutexA
GetModuleFileNameA
GetModuleHandleA
SetEvent
SleepEx
FileTimeToSystemTime
Sleep
CreateEventA
LoadLibraryA
SetCurrentDirectoryA
lstrcmpiA
MultiByteToWideChar
GetEnvironmentVariableA
GetFileAttributesW
CopyFileA
lstrlenA
LocalAlloc
LocalFree
GetCurrentProcess
GetCurrentProcessId
GetCurrentThreadId
GetComputerNameA
OpenMutexA
QueryPerformanceCounter
GetEnvironmentStringsW
FreeLibrary
GetLastError
InitializeCriticalSection
GetTickCount
GetLocaleInfoA
GetStringTypeA
GetStringTypeW
RaiseException
SetUnhandledExceptionFilter
IsDebuggerPresent
GetFileAttributesA
GetProcessHeap
TlsAlloc
ExitProcess
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
HeapCreate
GetStartupInfoA
GetModuleHandleW
GetProcAddress
user32
wsprintfA
advapi32
SetSecurityDescriptorDacl
InitializeAcl
AddAccessAllowedAce
OpenProcessToken
GetTokenInformation
AllocateAndInitializeSid
EqualSid
FreeSid
IsValidSid
GetSidIdentifierAuthority
GetSidSubAuthorityCount
GetSidSubAuthority
SetFileSecurityW
IsValidSecurityDescriptor
CryptAcquireContextA
CryptCreateHash
CryptHashData
CryptGetHashParam
CryptDestroyHash
CryptReleaseContext
RegQueryValueExA
RegOpenKeyExA
RegCloseKey
InitializeSecurityDescriptor
userenv
RefreshPolicy
EnterCriticalPolicySection
LoadUserProfileA
ProcessGroupPolicyCompleted
GetProfileType
RsopAccessCheckByType
RsopFileAccessCheck
GetUserProfileDirectoryW
CreateEnvironmentBlock
RefreshPolicyEx
GetProfilesDirectoryA
WaitForUserPolicyForegroundProcessing
mciwave
DriverProc
Sections
.icode Size: 1024B - Virtual size: 516B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.text Size: 17KB - Virtual size: 17KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.xFkQAr Size: 3KB - Virtual size: 618KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rdata Size: 3KB - Virtual size: 6KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.edata Size: 10KB - Virtual size: 34KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.ak Size: 4KB - Virtual size: 398KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.data Size: 8KB - Virtual size: 277KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.edata Size: 11KB - Virtual size: 71KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.rsrc Size: 2KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ