Static task
static1
Behavioral task
behavioral1
Sample
8b52b9e949e2229d1fb2fc093ed80566_JaffaCakes118.exe
Resource
win7-20240704-en
Behavioral task
behavioral2
Sample
8b52b9e949e2229d1fb2fc093ed80566_JaffaCakes118.exe
Resource
win10v2004-20240802-en
General
Target
8b52b9e949e2229d1fb2fc093ed80566_JaffaCakes118
Size
66KB
MD5
8b52b9e949e2229d1fb2fc093ed80566
SHA1
922495a421cfcec2657a243ef8ead863ca9f9cc7
SHA256
484a5ccce4721f8662a27bee548689eb698da0fb8d7604fbc11db531670e7b7e
SHA512
b758b7a2cf0921fbca8df4e05ae249e77060cd0496eafc67686fe2aa5042a4afdd5565301ff3553bee820dd11ca287c82e26f8dc4cec06ff234ec931fb356778
SSDEEP
1536:rWfhYQJlmdPa53mTe7a6dF96j371OclPRlWR0bR:rWfhXJlmdy7F396j371OclJlWRYR
Malware Config
Signatures
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource 8b52b9e949e2229d1fb2fc093ed80566_JaffaCakes118
Files
8b52b9e949e2229d1fb2fc093ed80566_JaffaCakes118.exe windows:4 windows x86 arch:x86
5d14c48d5874392006093f472d6dbce2
Headers
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
Imports
kernel32
GetStringTypeW
LoadLibraryA
lstrlenA
SetConsoleCtrlHandler
GetModuleFileNameA
SetThreadPriority
CreateEventA
InterlockedIncrement
ReadFile
CreateNamedPipeA
WriteFile
DisconnectNamedPipe
FlushFileBuffers
InterlockedDecrement
WaitForSingleObject
GetExitCodeProcess
GetCurrentThread
GetProcessHeap
HeapAlloc
HeapFree
ConnectNamedPipe
SetEvent
GetCurrentProcess
Sleep
FormatMessageA
LocalFree
CloseHandle
GetLastError
SetLastError
GetStringTypeA
EnterCriticalSection
LeaveCriticalSection
RtlUnwind
ResumeThread
CreateThread
TlsSetValue
ExitThread
ExitProcess
TerminateProcess
GetCommandLineA
GetVersion
InitializeCriticalSection
DeleteCriticalSection
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
GetModuleHandleA
GetEnvironmentVariableA
GetVersionExA
HeapDestroy
HeapCreate
VirtualFree
VirtualAlloc
HeapReAlloc
GetCurrentThreadId
TlsAlloc
TlsGetValue
UnhandledExceptionFilter
FreeEnvironmentStringsA
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStrings
GetEnvironmentStringsW
SetFilePointer
SetStdHandle
GetCPInfo
MultiByteToWideChar
LCMapStringA
LCMapStringW
GetACP
GetOEMCP
GetProcAddress
user32
CloseDesktop
CloseWindowStation
GetUserObjectSecurity
SetUserObjectSecurity
OpenDesktopA
OpenWindowStationA
advapi32
LogonUserA
RegisterEventSourceA
ReportEventA
DeregisterEventSource
SetServiceStatus
RegisterServiceCtrlHandlerA
StartServiceCtrlDispatcherA
ImpersonateNamedPipeClient
OpenThreadToken
RevertToSelf
DuplicateTokenEx
CreateProcessAsUserA
AllocateAndInitializeSid
SetEntriesInAclA
AddAccessAllowedAce
InitializeSecurityDescriptor
GetSecurityDescriptorDacl
GetAclInformation
InitializeAcl
GetAce
AddAce
EqualSid
SetSecurityDescriptorDacl
GetTokenInformation
GetLengthSid
CopySid
OpenProcessToken
DeleteService
ControlService
OpenSCManagerA
OpenServiceA
QueryServiceStatus
CreateServiceA
CloseServiceHandle
Sections
.text Size: 28KB - Virtual size: 26KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 8KB - Virtual size: 4KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 16KB - Virtual size: 18KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 4KB - Virtual size: 952B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ