8aa64784b5877419514711c7d122d9c2_JaffaCakes118

General

Target

8aa64784b5877419514711c7d122d9c2_JaffaCakes118
Size

144KB
MD5

8aa64784b5877419514711c7d122d9c2
SHA1

ad426ffa1b7d45c6296a6ae438c4ad75496211d7
SHA256

467cc72e86de31cf70d43cc810b4d3053672eaea8d7c1f4d0c39001f1ee84ec5
SHA512

5fdfb987284939890bf32da8df88b24764416f186f132d0ea55d3ddf3d29e3ee9701f96b95d21b1aae231342c2c4b811ebae5ee1edd94055839e3ef6030a98cb
SSDEEP

1536:yE9z79KaRkT78DlwXK36gK3UKJFLYDvZeXPipTxtJBcH5KRsPVlt6qa1jhxNffz2:yIYykT7HK3o3UKJtYLc/kVt8HwskTNz

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
8aa64784b5877419514711c7d122d9c2_JaffaCakes118

Files

8aa64784b5877419514711c7d122d9c2_JaffaCakes118
.dll .ps1 windows:4 windows x86 arch:x86 polyglot

5a8c09d1af2c7b6122babaa7bd7b6ec9

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

SetSystemTimeAdjustment
GetConsoleAliasExesLengthA
DisconnectNamedPipe
IsValidLocale
GetComputerNameA
GetEnvironmentStringsA
ExitVDM
GetModuleHandleA
SetEvent
GetCommandLineA
GetProcessTimes
CreatePipe
GetConsoleAliasesA
GetCPInfo
WriteConsoleOutputCharacterA
VirtualAlloc
FindNextVolumeMountPointA
GetSystemWindowsDirectoryA
GlobalGetAtomNameA
DebugBreak
FindFirstFileExW
LZOpenFileA
GetConsoleAliasExesW
GetThreadContext
ReadConsoleInputA
ReleaseMutex
lstrlenA
GetModuleHandleA
InterlockedDecrement
SetCommState
GetOEMCP
PulseEvent
ChangeTimerQueueTimer
SetFileAttributesA
UnregisterWaitEx
FindFirstVolumeMountPointA
PeekConsoleInputA
SizeofResource
GetTempPathA
GetFileSize
IsProcessorFeaturePresent
lstrlenA
ReleaseSemaphore
GetProfileIntA
IsBadWritePtr
DeleteTimerQueueEx
ReadConsoleOutputCharacterA
ReplaceFileA
FindAtomA
GetSystemTimeAsFileTime
SetConsolePalette
Heap32ListFirst
GetWriteWatch
GetVolumeNameForVolumeMountPointA
CompareStringA
MultiByteToWideChar
ExpandEnvironmentStringsA
GetTapeParameters
Module32First
GetProcessShutdownParameters
GetThreadTimes
CopyFileExW
GetPrivateProfileIntA
GetConsoleTitleA
DeleteTimerQueueTimer

wininet

FtpSetCurrentDirectoryW
FtpSetCurrentDirectoryW

winmm

timeBeginPeriod
timeGetTime

Exports

Exports

CreateNhuqcfi
CloseKpgptle
Akcqfretbuy
ReadPesktdnacrw
Gmytkjp
OpenVjrgqseuek
SetYtiaalndiy
Sgmpxxyalif

Sections

.idata
Size: - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.text
Size: 132KB - Virtual size: 181KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

5a8c09d1af2c7b6122babaa7bd7b6ec9

Headers

File Characteristics

Imports

kernel32

wininet

winmm

Exports

Exports

Sections

.idata Size: - Virtual size: 3KB

.text Size: 132KB - Virtual size: 181KB

.idata Size: 4KB - Virtual size: 2KB

.rsrc Size: 4KB - Virtual size: 2KB

.idata
Size: - Virtual size: 3KB

.text
Size: 132KB - Virtual size: 181KB

.idata
Size: 4KB - Virtual size: 2KB

.rsrc
Size: 4KB - Virtual size: 2KB