8b94202abfc5576c41f3b867b53035ee_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

8b94202abfc5576c41f3b867b53035ee_JaffaCakes118
Size

64KB
MD5

8b94202abfc5576c41f3b867b53035ee
SHA1

782c66883cbc0530055403d9d3c02c96091bfd81
SHA256

b523614ddc2cd047a0371fbabc9312a610aafa9cc752094654c2f58659fb6134
SHA512

8748ca6b58f6b427b78a1139d20a572b1a4763a4778272f901cd86e2b65e59c2f1993d36eb223e9e3b596040a456346ab470fd78b108390be903f70a46d5ecb9
SSDEEP

1536:yVNVK+AdfE2FMCtvalbYq+oOUDrrOzjV+:yXVK+C3FbAaqnrT

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
8b94202abfc5576c41f3b867b53035ee_JaffaCakes118

Files

8b94202abfc5576c41f3b867b53035ee_JaffaCakes118
.exe windows:4 windows x86 arch:x86

8128e4c3e398ab4c4083211b37c9157e

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

advapi32

GetLengthSid
OpenProcessToken
CryptGenRandom
AllocateAndInitializeSid
InitiateSystemShutdownA
InitializeSecurityDescriptor
InitializeAcl
SetSecurityDescriptorDacl
AddAccessAllowedAce
CryptAcquireContextA
CryptReleaseContext
GetTokenInformation

msvcrt

strchr
sprintf

kernel32

GetUserDefaultUILanguage
GetProcessHeap
GetDriveTypeA
GetSystemTimeAsFileTime
CreateThread
RemoveDirectoryA
CreateProcessA
ExpandEnvironmentStringsA
CreateEventA
GetModuleFileNameA
GetSystemTime
GetCurrentThreadId
FreeLibrary
SetEvent
LeaveCriticalSection
GetCurrentProcessId
HeapFree
DeleteCriticalSection
GetThreadPriority
MoveFileExA
WriteFile
GetFileAttributesA
GetCommandLineA
GetDiskFreeSpaceA
ExitProcess
LocalFileTimeToFileTime
SetErrorMode
CopyFileA
SetFileAttributesA
GetProcAddress
SetFileTime
CreateEventW
CreateDirectoryA
QueryDosDeviceA
CloseHandle
OpenEventA
QueryPerformanceCounter
DosDateTimeToFileTime
WaitForMultipleObjects
SystemTimeToFileTime
GetExitCodeProcess
GetFileSize
SetEndOfFile
GetSystemDirectoryA
DeviceIoControl
CreateFileA
SetFilePointer
DeleteFileA
TerminateProcess
FindNextFileA
SetUnhandledExceptionFilter
SleepEx
LoadLibraryA
GetModuleHandleA
GetVersionExA
WaitForSingleObject
EnterCriticalSection
GetTickCount
GetCurrentDirectoryA
HeapAlloc
GetCurrentProcess
SetLastError
ReadFile
FindClose
Sleep
FindFirstFileA
MoveFileA
WideCharToMultiByte

user32

ShowWindow
SendDlgItemMessageA
SetParent
SendMessageA
LoadStringA
DialogBoxParamA
EndDialog
MessageBoxA

shell32

SHGetPathFromIDListA
SHBrowseForFolderA

ntdll

NtOpenProcessToken
NtAdjustPrivilegesToken
NtShutdownSystem
NtClose

Sections

.text
Size: 7KB - Virtual size: 7KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 5KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ

.etext
Size: 48KB - Virtual size: 75KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

qfrdbbl
Size: - Virtual size: 60KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

ftjqkdg
Size: - Virtual size: 32KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

gpadrzv
Size: - Virtual size: 32KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

fytdotn
Size: - Virtual size: 32KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

sxmufup
Size: - Virtual size: 32KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

hlozyer
Size: - Virtual size: 32KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

bgodowi
Size: - Virtual size: 32KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

vnrlcie
Size: - Virtual size: 32KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

xzohryx
Size: - Virtual size: 60KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

8128e4c3e398ab4c4083211b37c9157e

Headers

File Characteristics

Imports

advapi32

msvcrt

kernel32

user32

shell32

ntdll

Sections

.text Size: 7KB - Virtual size: 7KB

.data Size: 5KB - Virtual size: 9KB

.rsrc Size: 2KB - Virtual size: 1KB

.etext Size: 48KB - Virtual size: 75KB

qfrdbbl Size: - Virtual size: 60KB

ftjqkdg Size: - Virtual size: 32KB

gpadrzv Size: - Virtual size: 32KB

fytdotn Size: - Virtual size: 32KB

sxmufup Size: - Virtual size: 32KB

hlozyer Size: - Virtual size: 32KB

bgodowi Size: - Virtual size: 32KB

vnrlcie Size: - Virtual size: 32KB

xzohryx Size: - Virtual size: 60KB

.text
Size: 7KB - Virtual size: 7KB

.data
Size: 5KB - Virtual size: 9KB

.rsrc
Size: 2KB - Virtual size: 1KB

.etext
Size: 48KB - Virtual size: 75KB

qfrdbbl
Size: - Virtual size: 60KB

ftjqkdg
Size: - Virtual size: 32KB

gpadrzv
Size: - Virtual size: 32KB

fytdotn
Size: - Virtual size: 32KB

sxmufup
Size: - Virtual size: 32KB

hlozyer
Size: - Virtual size: 32KB

bgodowi
Size: - Virtual size: 32KB

vnrlcie
Size: - Virtual size: 32KB

xzohryx
Size: - Virtual size: 60KB