859971418569622ab830293586ebcf94_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

859971418569622ab830293586ebcf94_JaffaCakes118
Size

56KB
MD5

859971418569622ab830293586ebcf94
SHA1

9f6aa9b59e5340fcdf03d3b448fc834f2ec595d7
SHA256

d7d7e35566cc58400485a389973f7fb76f78dbbd99a78047ff9d677f43c348ed
SHA512

3f78045c317246246423a176dec2a816c3c252c0d0af41ca5b897cf504410073ebd8719c414c08505c702121d41c4f9995af9f54646d82b4090fc700e0dc903f
SSDEEP

768:7sVStfKkm2qVYpCJPTZ5PzdsBWXL/V8H4wb+ekem7:652ePTr4WXL/W4wb8R7

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
859971418569622ab830293586ebcf94_JaffaCakes118

Files

859971418569622ab830293586ebcf94_JaffaCakes118
.exe windows:4 windows x86 arch:x86

6d85c12e7b833f2d89f9a3c0a0fac9bc

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

MoveFileW
GetShortPathNameW
GetExitCodeThread
RemoveDirectoryW
GetWindowsDirectoryW
SetUnhandledExceptionFilter
CreateDirectoryW
lstrcpynA
lstrlenA
GetFullPathNameA
lstrcpynW
lstrlenW
FreeLibrary
WaitForSingleObject
CreateEventW
GetCurrentThreadId
GetModuleHandleW
GetProcAddress

user32

PeekMessageW

advapi32

EqualSid
SetThreadToken
DuplicateToken
RegDeleteValueW
RegSetValueExW
RegCloseKey
RegCreateKeyExW
RegQueryValueExW
RegEnumKeyExW
RegOpenKeyExW
AllocateAndInitializeSid
GetTokenInformation
OpenThreadToken
FreeSid
RegDeleteKeyW
RegDeleteKeyA
RegEnumValueW
RegEnumKeyW
RegUnLoadKeyW
RegLoadKeyW
AdjustTokenPrivileges
LookupPrivilegeValueW
OpenProcessToken
DuplicateTokenEx
RevertToSelf

shell32

SHGetDesktopFolder

resutils

ResUtilVerifyService
ResUtilStartResourceService
ClusWorkerStart
ResUtilEnumPrivateProperties
ResUtilGetResourceNameDependency
ResUtilSetResourceServiceStartParameters
ClusWorkerTerminate

kbdhu1

KbdLayerDescriptor

Sections

.text
Size: 18KB - Virtual size: 17KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.I
Size: 4KB - Virtual size: 627KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rdata
Size: 2KB - Virtual size: 29KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.VG
Size: 3KB - Virtual size: 600KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.Tazf
Size: 6KB - Virtual size: 84KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.fIpzcl
Size: 3KB - Virtual size: 573KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.QCpvw
Size: 4KB - Virtual size: 1015KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 7KB - Virtual size: 332KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.DImWtk
Size: 3KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.Rdx
Size: 6KB - Virtual size: 41KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

6d85c12e7b833f2d89f9a3c0a0fac9bc

Headers

File Characteristics

Imports

kernel32

user32

advapi32

shell32

resutils

kbdhu1

Sections

.text Size: 18KB - Virtual size: 17KB

.I Size: 4KB - Virtual size: 627KB

.rdata Size: 2KB - Virtual size: 29KB

.VG Size: 3KB - Virtual size: 600KB

.Tazf Size: 6KB - Virtual size: 84KB

.fIpzcl Size: 3KB - Virtual size: 573KB

.QCpvw Size: 4KB - Virtual size: 1015KB

.data Size: 7KB - Virtual size: 332KB

.DImWtk Size: 3KB - Virtual size: 13KB

.Rdx Size: 6KB - Virtual size: 41KB

.rsrc Size: 2KB - Virtual size: 2KB

.text
Size: 18KB - Virtual size: 17KB

.I
Size: 4KB - Virtual size: 627KB

.rdata
Size: 2KB - Virtual size: 29KB

.VG
Size: 3KB - Virtual size: 600KB

.Tazf
Size: 6KB - Virtual size: 84KB

.fIpzcl
Size: 3KB - Virtual size: 573KB

.QCpvw
Size: 4KB - Virtual size: 1015KB

.data
Size: 7KB - Virtual size: 332KB

.DImWtk
Size: 3KB - Virtual size: 13KB

.Rdx
Size: 6KB - Virtual size: 41KB

.rsrc
Size: 2KB - Virtual size: 2KB