8d43b9ea1a391f0a9b410f2e96408e36_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

8d43b9ea1a391f0a9b410f2e96408e36_JaffaCakes118
Size

149KB
MD5

8d43b9ea1a391f0a9b410f2e96408e36
SHA1

b3103277f83114ef9baeb6352053903c1f7286d5
SHA256

ed9c9ee399ee55d224a92aaa82a83c7fd0f3afd72003d23ce599c25501266995
SHA512

06bf4a4a4cf93ac6608f7acdce7ff782006c60e0169a6dc5c98499d587057e496cf225a908403a48ccd6b6a594e8f9bcb5a1c5b0d5b52360d8496ab42269d19d
SSDEEP

3072:PwWBC2ngjD4GnO6p60tDmEh9OpLcgd5lBUcxfRNNsFt9vD4apE8Q:NngpnmS9zS7acxZNuvNNEd

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
8d43b9ea1a391f0a9b410f2e96408e36_JaffaCakes118

Files

8d43b9ea1a391f0a9b410f2e96408e36_JaffaCakes118
.exe windows:1 windows x86 arch:x86

be7e3fbb98d442ab0c804777470320d9

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

EnterCriticalSection
CloseHandle
lstrcatA
lstrcatW
GetCurrentProcess
ReadFile
CreateFileA
WriteFile
SetComputerNameExW
FindNextFileA
DeleteFileW
InitializeCriticalSection
GlobalUnfix
lstrcpyA
Sleep
FindClose
OpenProcess
VirtualAlloc
GetWindowsDirectoryA
GetConsoleKeyboardLayoutNameA
CreateFileW
GetLastError
GetTickCount
LeaveCriticalSection
GetFileSizeEx
GetSystemDirectoryA
WaitCommEvent
UTRegister
GetProcessHandleCount
CreateProcessW
QueryWin31IniFilesMappedToRegistry
DosPathToSessionPathA
CreateSemaphoreA
lstrcpyW
EnumResourceTypesW
GetPrivateProfileSectionA
GetModuleHandleA
IsValidUILanguage
FindFirstFileA
GetModuleFileNameA
GetSystemDirectoryW
SetCriticalSectionSpinCount
RtlMoveMemory
GetGeoInfoA
DeleteVolumeMountPointA
GetProcAddress
GetSystemRegistryQuota
DuplicateHandle
CopyFileA
DeleteFileA
ValidateLocale
VirtualFree

advapi32

EnumServicesStatusA
GetInheritanceSourceW
OpenProcessToken
RegQueryValueExA
OpenSCManagerA
RegOpenKeyA
RegSetValueExA
LsaEnumerateAccountsWithUserRight
ElfOpenEventLogA
RegCreateKeyA
ElfOpenEventLogW
CryptImportKey
RegCloseKey
AdjustTokenPrivileges
CloseServiceHandle
LookupPrivilegeValueA

ntdll

vsprintf
RtlAnsiStringToUnicodeString
NtQueryObject
strlen
strstr
memcpy
isdigit
tolower
RtlInitAnsiString
memset
wcsstr
ZwLoadDriver
strncmp
_chkstk
sprintf
NtQuerySystemInformation
isspace
RtlFreeUnicodeString

ole32

CoCreateGuid

ws2_32

closesocket
FreeAddrInfoW
htons
WSAStartup
getnameinfo
socket
gethostbyname
connect
send
__WSAFDIsSet
WSASetServiceA
select
gethostbyname
recv
GetNameInfoW
htonl

psapi

GetProcessImageFileNameA
EnumProcesses

user32

ExitWindowsEx
CharLowerW
CharUpperW

Sections

.data
Size: 16KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.text
Size: 512B - Virtual size: 402B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.idata
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

be7e3fbb98d442ab0c804777470320d9

Headers

File Characteristics

Imports

kernel32

advapi32

ntdll

ole32

ws2_32

psapi

user32

Sections

.data Size: 16KB - Virtual size: 15KB

.text Size: 512B - Virtual size: 402B

.idata Size: 3KB - Virtual size: 2KB

.data
Size: 16KB - Virtual size: 15KB

.text
Size: 512B - Virtual size: 402B

.idata
Size: 3KB - Virtual size: 2KB