Static task: static1
Behavioral task: behavioral1
  Sample: 78eb4a437f0dd29766137ea7b12b3ae6_JaffaCakes118.exe
  Resource: win7-20240704-en
Behavioral task: behavioral2
  Sample: 78eb4a437f0dd29766137ea7b12b3ae6_JaffaCakes118.exe
  Resource: win10v2004-20240709-en
General
- Target: 78eb4a437f0dd29766137ea7b12b3ae6_JaffaCakes118
- Size: 119KB
- MD5: 78eb4a437f0dd29766137ea7b12b3ae6
- SHA1: bd14cdbb4810b6e79bb879d22d9cf559af58b9aa
- SHA256: 90364da542b481680b2e2f9e48328c8321fa5eb7bace126f9426183691831d64
- SHA512: 7239892635bede569f395bdb555c41f9e2e4c0c5075fc7ad3e10bfcf34668a76922626353c3fa96570343ffc5c41b24f14ca91bbfbf1d2e3cc9a51d9f84b9907
- SSDEEP: 3072:hzsJetFwcNnHQtsh3jdpR2B4WCzMJ08QzvmA:hjUcNe4pRAuUQN
Malware Config
Signatures
- Unsigned PE (1 IoCs): Checks for missing Authenticode signature.
  resource: 78eb4a437f0dd29766137ea7b12b3ae6_JaffaCakes118
Files
- 78eb4a437f0dd29766137ea7b12b3ae6_JaffaCakes118.exe windows:1 windows x86 arch:x86
  faaaa4c5943963461ce5701e0477e419
Headers
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
Imports
- shell32: ShellExecuteW
- kernel32: lstrcpyW, GetLocaleInfoA, VirtualFree, WriteFile, FindClose, FindFirstFileA, GetEnvironmentStringsA, QueueUserAPC, EnumUILanguagesA, CreateFileW, GetCurrentProcess, InitializeCriticalSection, GetModuleHandleA, OpenProcess, GetWindowsDirectoryW, GetTickCount, SetTapeParameters, EnterCriticalSection, DeleteVolumeMountPointA, GetLastError, CreateFileA, GetProcAddress, CloseHandle, EnumCalendarInfoExA, GetSystemDefaultLCID, lstrcatW, GetTimeFormatW, GetModuleFileNameA, Sleep, lstrcpyA, CopyFileA, GetSystemDirectoryW, BaseCleanupAppcompatCache, GetWindowsDirectoryA, SetDefaultCommConfigA, SetConsoleTitleA, GetVolumeNameForVolumeMountPointA, lstrcatA, FindNextFileA, CreateSemaphoreA, InitializeCriticalSectionAndSpinCount, LeaveCriticalSection, ReadFile, GetSystemDirectoryA, VirtualAlloc, DeleteFileA, SearchPathW, GetTapePosition, TerminateProcess, QueryDepthSList, DeleteFileW, BaseUpdateAppcompatCache, lstrlenA, GetFileSizeEx, DuplicateHandle
- advapi32: RegQueryValueExA, AdjustTokenPrivileges, EqualSid, RegOpenKeyA, LookupPrivilegeValueA, RegCloseKey, WmiGetTraceHeader, SetSecurityDescriptorOwner, EnumServicesStatusA, LsaAddPrivilegesToAccount, RegCreateKeyA, OpenSCManagerA, EncryptionDisable, CloseServiceHandle, RegSetValueExA, OpenProcessToken
- ntdll: _chkstk, strlen, RtlInitAnsiString, RtlAnsiStringToUnicodeString, memcpy, tolower, isspace, strncmp, NtQueryObject, sprintf, isdigit, memset, wcsstr, RtlFreeUnicodeString, vsprintf, NtQuerySystemInformation, strstr, ZwLoadDriver
- psapi: EnumProcesses, GetProcessImageFileNameA
- ws2_32: htonl, send, closesocket, connect, select, WSACloseEvent, WSCEnableNSProvider, WSASetEvent, gethostbyname, socket, WSAStartup, WSAAddressToStringW, htons, __WSAFDIsSet, recv, WSARecvFrom
- ole32: CoCreateGuid
- user32: ExitWindowsEx, RemovePropW, CharLowerW
Sections
- .data: Size 21KB, Virtual size 21KB (IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE)
- .text: Size 512B, Virtual size 406B (IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ)
- .idata: Size 3KB, Virtual size 2KB (IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ)