Static task
static1
Behavioral task
behavioral1
Sample
8b48f59fb263b1b3ed5f9f2a8cd8fd26_JaffaCakes118.exe
Resource
win7-20240708-en
Behavioral task
behavioral2
Sample
8b48f59fb263b1b3ed5f9f2a8cd8fd26_JaffaCakes118.exe
Resource
win10v2004-20240802-en
General
Target
8b48f59fb263b1b3ed5f9f2a8cd8fd26_JaffaCakes118
Size
60KB
MD5
8b48f59fb263b1b3ed5f9f2a8cd8fd26
SHA1
e55a758d873dc5a3953ed9469ce78240ac5080da
SHA256
fe0874953206cd44807ce0aa386996f4bf903a7649922e94b1f985010f8293eb
SHA512
d93face31973625d4ac2b421e95862eb8f0693a901f19c60a15be9c8eb9131d5ee21a38fba2dbff0a0f081bc610d629e6942a71e0e3e4a6bc892f550f642ec59
SSDEEP
1536:rWfhYQJlmdPa53mTe7a6dF96j371OclPRl:rWfhXJlmdy7F396j371OclJl
Malware Config
Signatures
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource 8b48f59fb263b1b3ed5f9f2a8cd8fd26_JaffaCakes118
Files
8b48f59fb263b1b3ed5f9f2a8cd8fd26_JaffaCakes118.exe windows:4 windows x86 arch:x86
5d14c48d5874392006093f472d6dbce2
Headers
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
Imports
kernel32
GetStringTypeW
LoadLibraryA
lstrlenA
SetConsoleCtrlHandler
GetModuleFileNameA
SetThreadPriority
CreateEventA
InterlockedIncrement
ReadFile
CreateNamedPipeA
WriteFile
DisconnectNamedPipe
FlushFileBuffers
InterlockedDecrement
WaitForSingleObject
GetExitCodeProcess
GetCurrentThread
GetProcessHeap
HeapAlloc
HeapFree
ConnectNamedPipe
SetEvent
GetCurrentProcess
Sleep
FormatMessageA
LocalFree
CloseHandle
GetLastError
SetLastError
GetStringTypeA
EnterCriticalSection
LeaveCriticalSection
RtlUnwind
ResumeThread
CreateThread
TlsSetValue
ExitThread
ExitProcess
TerminateProcess
GetCommandLineA
GetVersion
InitializeCriticalSection
DeleteCriticalSection
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
GetModuleHandleA
GetEnvironmentVariableA
GetVersionExA
HeapDestroy
HeapCreate
VirtualFree
VirtualAlloc
HeapReAlloc
GetCurrentThreadId
TlsAlloc
TlsGetValue
UnhandledExceptionFilter
FreeEnvironmentStringsA
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStrings
GetEnvironmentStringsW
SetFilePointer
SetStdHandle
GetCPInfo
MultiByteToWideChar
LCMapStringA
LCMapStringW
GetACP
GetOEMCP
GetProcAddress
user32
CloseDesktop
CloseWindowStation
GetUserObjectSecurity
SetUserObjectSecurity
OpenDesktopA
OpenWindowStationA
advapi32
LogonUserA
RegisterEventSourceA
ReportEventA
DeregisterEventSource
SetServiceStatus
RegisterServiceCtrlHandlerA
StartServiceCtrlDispatcherA
ImpersonateNamedPipeClient
OpenThreadToken
RevertToSelf
DuplicateTokenEx
CreateProcessAsUserA
AllocateAndInitializeSid
SetEntriesInAclA
AddAccessAllowedAce
InitializeSecurityDescriptor
GetSecurityDescriptorDacl
GetAclInformation
InitializeAcl
GetAce
AddAce
EqualSid
SetSecurityDescriptorDacl
GetTokenInformation
GetLengthSid
CopySid
OpenProcessToken
DeleteService
ControlService
OpenSCManagerA
OpenServiceA
QueryServiceStatus
CreateServiceA
CloseServiceHandle
Sections
.text Size: 28KB - Virtual size: 26KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 8KB - Virtual size: 4KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 16KB - Virtual size: 18KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 4KB - Virtual size: 952B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ