83046a96830cb7f1757f789e7ce7786a_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

83046a96830cb7f1757f789e7ce7786a_JaffaCakes118
Size

251KB
MD5

83046a96830cb7f1757f789e7ce7786a
SHA1

9b96c55fb858f3dfd88dc95e298d799bc5f6ef0b
SHA256

e3dde65f55b94e9a91fddd395c183721c19899ec0e3a4ec8e45be476be375cd5
SHA512

4a2e7d02f81a6ab9b646c649d5020df107889db5ecaedfc95d880bfc825524020e2b6efa49dea7c226b8a0ab7944e8eec8e2bbd68eeb360b22ee3e79a88fdc56
SSDEEP

3072:0ES9nbDTU2g4sGC94zz7JWzGncye3ylei7EZovoq8URz3fRaZX6fnvry3dqRAefi:0ESpbDTUFETw2mnq8UR9yX6fvG3y7TTe

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
83046a96830cb7f1757f789e7ce7786a_JaffaCakes118

Files

83046a96830cb7f1757f789e7ce7786a_JaffaCakes118
.exe windows:4 windows x86 arch:x86

731f172583621256866c9a8daa2aa262

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

ole32

CoCreateInstance
CoUninitialize
OleRun
CoTaskMemFree
CoInitialize

kernel32

IsDebuggerPresent
GetLocalTime
GetProcessHeap
GetPrivateProfileStringW
GetFileSize
UnmapViewOfFile
FormatMessageW
WaitForMultipleObjects
OutputDebugStringA
DeleteFileW
SetUnhandledExceptionFilter
GetTempPathW
TlsFree
TlsGetValue
lstrcpyW
GetDateFormatW
LocalFree
LoadLibraryExW
WaitForSingleObject
EnterCriticalSection
GetPrivateProfileIntW
SetFilePointer
OpenProcess
LeaveCriticalSection
FindNextFileW
CreateFileMappingW
MapViewOfFile
FindFirstFileW
CreateMutexW
lstrcpynW
TlsSetValue
FindClose
GetCurrentThreadId
SetLastError
TlsAlloc
CloseHandle
GetModuleHandleW
lstrlenW
DeleteCriticalSection
OpenEventW
HeapFree
FreeLibrary
CreateFileW
ReadFile
CreateEventW
DeviceIoControl
UnhandledExceptionFilter
CreateProcessW
ResetEvent
WriteFile
CreateDirectoryW
GetSystemTimeAsFileTime
GetTimeFormatW
VirtualAllocEx

ws2_32

send
gethostbyname
bind
WSAEventSelect
htons
socket
WSAWaitForMultipleEvents
inet_addr
connect
htonl
ntohs
gethostname
WSAAccept
listen
closesocket
recv
WSAStartup
shutdown
WSACleanup
WSAGetLastError
WSASetEvent
WSACloseEvent
WSACreateEvent
WSAEnumNetworkEvents

advapi32

SetServiceStatus
SetSecurityDescriptorDacl
BuildExplicitAccessWithNameW
SetEntriesInAclW
StartServiceCtrlDispatcherW
InitializeSecurityDescriptor
SetSecurityInfo
AdjustTokenPrivileges
OpenSCManagerW
RegCloseKey
GetSecurityInfo
DeleteService
OpenProcessToken
CloseServiceHandle
QueryServiceStatus
StartServiceW
LookupAccountSidW
OpenServiceW
RegOpenKeyExW
RegisterServiceCtrlHandlerW
GetSecurityDescriptorDacl
RegQueryValueExW
RegConnectRegistryW
GetTokenInformation
ConvertStringSecurityDescriptorToSecurityDescriptorW
LookupPrivilegeValueW
CreateProcessAsUserW
CreateServiceW
ControlService
ConvertStringSidToSidW
DuplicateTokenEx
GetUserNameW
SetTokenInformation

urlmon

FindMimeFromData

user32

LoadStringW
wsprintfW

mscms

CreateProfileFromLogColorSpaceW
UnregisterCMMW
InternalGetPS2CSAFromLCS
OpenColorProfileA
InstallColorProfileW
SetColorProfileHeader

zipfldr

DllGetClassObject
RouteTheCall

Sections

.text
Size: 17KB - Virtual size: 16KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.YDee
Size: 2KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.yfOok
Size: 2KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.jRe
Size: 512B - Virtual size: 382B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.xMC
Size: 1024B - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.Qq
Size: 1KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.CrDK
Size: 512B - Virtual size: 315B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 211KB - Virtual size: 493KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.aI
Size: 1KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 9KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

731f172583621256866c9a8daa2aa262

Headers

DLL Characteristics

File Characteristics

Imports

ole32

kernel32

ws2_32

advapi32

urlmon

user32

mscms

zipfldr

Sections

.text Size: 17KB - Virtual size: 16KB

.YDee Size: 2KB - Virtual size: 3KB

.yfOok Size: 2KB - Virtual size: 3KB

.jRe Size: 512B - Virtual size: 382B

.xMC Size: 1024B - Virtual size: 1KB

.Qq Size: 1KB - Virtual size: 2KB

.rdata Size: 3KB - Virtual size: 3KB

.CrDK Size: 512B - Virtual size: 315B

.data Size: 211KB - Virtual size: 493KB

.aI Size: 1KB - Virtual size: 2KB

.rsrc Size: 9KB - Virtual size: 9KB

.text
Size: 17KB - Virtual size: 16KB

.YDee
Size: 2KB - Virtual size: 3KB

.yfOok
Size: 2KB - Virtual size: 3KB

.jRe
Size: 512B - Virtual size: 382B

.xMC
Size: 1024B - Virtual size: 1KB

.Qq
Size: 1KB - Virtual size: 2KB

.rdata
Size: 3KB - Virtual size: 3KB

.CrDK
Size: 512B - Virtual size: 315B

.data
Size: 211KB - Virtual size: 493KB

.aI
Size: 1KB - Virtual size: 2KB

.rsrc
Size: 9KB - Virtual size: 9KB