8b1fe6b8c7fa3e56f6a4db5f76947274_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

8b1fe6b8c7fa3e56f6a4db5f76947274_JaffaCakes118
Size

152KB
MD5

8b1fe6b8c7fa3e56f6a4db5f76947274
SHA1

ed0dd4381818520b5d91652196ce8c25ceb44632
SHA256

9a540958caa710b0801a4c4a4918bf2ac5afa9e04d08e1c66d21bec1d30bf98a
SHA512

51db2891d8e52adee7afc224cb7c47a1dfbe7f2f9416bf2e45c181a7a8f11214b85c37383ccc2a6b841dd9318c96d85bd7b371ae1c04c819b12d490d063fe7b3
SSDEEP

3072:nU7FShPHVzGctUm9tr851uePf5P/IhHOf/pZ/NUNkSPQ1ymbmeFtPlPYsRS/Qe1I:nUsH5B9WXviOJZ/N8kSo1DbTNPLSQeK

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
8b1fe6b8c7fa3e56f6a4db5f76947274_JaffaCakes118

Files

8b1fe6b8c7fa3e56f6a4db5f76947274_JaffaCakes118
.exe windows:5 windows x86 arch:x86

279be77b6c94195ad0ed070782af9af8

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

RemoveDirectoryA
GetSystemDirectoryA
DeleteFileA
MoveFileA
GetUserDefaultLangID
MoveFileExA
DeleteCriticalSection
SetEvent
GetProcessHeap
GetProcAddress
DosDateTimeToFileTime
GetDriveTypeA
SetErrorMode
MoveFileA
BackupWrite
GetVersionExA
EnterCriticalSection
ExitProcess
GetFileAttributesA
VirtualQuery
SetThreadAffinityMask
FindFirstFileA
CopyFileA
QueryDosDeviceA
SetEndOfFile
ExpandEnvironmentStringsA
GetCurrentProcessId
GetCommandLineA
Sleep
TerminateProcess
FindNextFileA
GetCurrentDirectoryA
CreateProcessA
SetLastError
HeapFree
GetFileSize
WideCharToMultiByte
SetEvent
SetFileAttributesA
lstrcpynA
OpenEventA
SetComputerNameA
FindClose
LeaveCriticalSection
GetCurrentThreadId
GetSystemTime
GetExitCodeProcess
LocalFileTimeToFileTime
HeapAlloc
QueryPerformanceCounter
GetSystemTimeAsFileTime
CreateFileA
GetTickCount
FreeLibrary
GetDiskFreeSpaceA
SetUnhandledExceptionFilter
SystemTimeToFileTime
ReadFile
SetFileTime
CreateEventA
WriteFile
CloseHandle
CreateThread
DeviceIoControl
SetFilePointer

advapi32

InitializeAcl
AllocateAndInitializeSid
CryptReleaseContext
CryptGenRandom
OpenProcessToken
GetLengthSid
CryptAcquireContextA
SetSecurityDescriptorDacl
GetTokenInformation
AddAccessAllowedAce
InitiateSystemShutdownA
InitializeSecurityDescriptor

ntdll

NtClose
NtAdjustPrivilegesToken
NtOpenProcessToken
NtShutdownSystem

shell32

SHGetPathFromIDListA
SHBrowseForFolderA

user32

LoadStringA
EndDialog
ShowWindow
DialogBoxParamA
MessageBoxA
SetParent
SendDlgItemMessageA
SendMessageA

Sections

.text
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.hojek
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ

.edata
Size: 132KB - Virtual size: 147KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

279be77b6c94195ad0ed070782af9af8

Headers

File Characteristics

Imports

kernel32

advapi32

ntdll

shell32

user32

Sections

.text Size: 6KB - Virtual size: 6KB

.data Size: 8KB - Virtual size: 10KB

.hojek Size: 4KB - Virtual size: 3KB

.edata Size: 132KB - Virtual size: 147KB

.text
Size: 6KB - Virtual size: 6KB

.data
Size: 8KB - Virtual size: 10KB

.hojek
Size: 4KB - Virtual size: 3KB

.edata
Size: 132KB - Virtual size: 147KB