8daaaf7612b18c7c9dfa3c10e0c783b7_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

8daaaf7612b18c7c9dfa3c10e0c783b7_JaffaCakes118
Size

619KB
MD5

8daaaf7612b18c7c9dfa3c10e0c783b7
SHA1

21bda330a161c0d2a0569c45c6aad000c12cc5fe
SHA256

1bfb68bf0dd0362711d24bff655945b89e7da5b5be60130c209cdc021a1f78a4
SHA512

582bb141cfdffa65755238a4a7d45739adf6a321ec9656a62d93e59ac5b50961c56ca55c3b504403acd4a198497704c01d700e39cbd8d98e928f475e66629209
SSDEEP

12288:u+7xEocVEdsWkfttRzpp8dXlaCj/g0PUtUi6:GocTft5p8dXla07Lf

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
8daaaf7612b18c7c9dfa3c10e0c783b7_JaffaCakes118

Files

8daaaf7612b18c7c9dfa3c10e0c783b7_JaffaCakes118
.exe windows:4 windows x86 arch:x86

cfdbd93c8b72eadaaf9919df867237b7

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

netapi32

NetMessageBufferSend

kernel32

GetDriveTypeW
DeviceIoControl
GetLogicalDrives
MoveFileW
DeleteFileW
GetTempFileNameW
GetModuleFileNameW
Sleep
GetVersionExA
GetTimeFormatA
GetDateFormatA
GetModuleHandleW
SetFileAttributesW
CreateDirectoryW
CopyFileW
WritePrivateProfileSectionW
GetPrivateProfileSectionW
MoveFileExW
GetFileAttributesW
GetACP
GetComputerNameA
SetEndOfFile
SetLastError
QueryDosDeviceW
HeapFree
HeapAlloc
GetProcessHeap
GetCurrentProcess
GetLocaleInfoW
GetModuleHandleA
LocalFree
lstrlenA
lstrcmpA
LocalAlloc
lstrlenW
FlushFileBuffers
GetFileTime
GetTempPathW
ReadProcessMemory
UnmapViewOfFile
CreateMutexW
ReleaseMutex
VirtualAlloc
MapViewOfFile
CreateFileMappingW
OpenFileMappingW
DuplicateHandle
OpenMutexW
SetThreadPriority
MultiByteToWideChar
InterlockedExchange
VirtualFree
WritePrivateProfileStringW
GetPrivateProfileStringW
WideCharToMultiByte
GetDiskFreeSpaceW
CompareStringW
CompareStringA
LoadLibraryA
GetOEMCP
GetExitCodeProcess
CreateFileA
SetStdHandle
GetStringTypeW
GetStringTypeA
GetCPInfo
IsBadCodePtr
IsBadReadPtr
SetUnhandledExceptionFilter
GetFileType
GetStdHandle
GetWindowsDirectoryW
FileTimeToLocalFileTime
FileTimeToSystemTime
GetVersion
GetLocaleInfoA
WaitForMultipleObjects
GetShortPathNameW
CreateProcessW
GetSystemTime
SystemTimeToFileTime
GetLocalTime
CreateThread
GetCurrentThread
OpenProcess
GetVersionExW
GlobalMemoryStatus
FindFirstFileW
FindNextFileW
CompareFileTime
FindClose
GetComputerNameW
GetDateFormatW
GetTimeFormatW
ExpandEnvironmentStringsW
SetFilePointer
GetSystemTimeAsFileTime
WriteFile
CreateFileW
GetFileSize
ReadFile
InterlockedIncrement
InterlockedDecrement
WaitForSingleObject
EnterCriticalSection
TerminateThread
LeaveCriticalSection
CloseHandle
DeleteCriticalSection
InitializeCriticalSection
CreateEventW
GetTickCount
SetEvent
GetTimeZoneInformation
GetCurrentThreadId
GetCurrentProcessId
LoadLibraryW
GetLastError
GetProcAddress
FreeLibrary
RtlUnwind
ResetEvent
SetEnvironmentVariableA
SetHandleCount
GetEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsW
FreeEnvironmentStringsA
UnhandledExceptionFilter
LCMapStringW
LCMapStringA
HeapSize
TerminateProcess
IsBadWritePtr
HeapCreate
HeapDestroy
GetEnvironmentVariableA
GetModuleFileNameA
TlsGetValue
GetStartupInfoA
TlsAlloc
TlsSetValue
ExitProcess
GetCommandLineA
HeapReAlloc

user32

LoadStringW
PostMessageW
DispatchMessageW
TranslateMessage
GetMessageW
SetTimer
DefWindowProcW
KillTimer
CreateWindowExW
RegisterClassW
SendMessageW
PeekMessageW
MsgWaitForMultipleObjects
wsprintfW

advapi32

GetKernelObjectSecurity
SetKernelObjectSecurity
GetSecurityDescriptorDacl
InitializeSecurityDescriptor
SetSecurityDescriptorDacl
IsValidSid
GetSidIdentifierAuthority
GetSidSubAuthorityCount
GetSidSubAuthority
AllocateAndInitializeSid
EqualSid
FreeSid
RegOpenKeyA
RegQueryValueExA
DuplicateToken
SetThreadToken
RegDeleteValueW
RegDeleteKeyW
RegEnumValueW
RegCreateKeyExW
ControlService
QueryServiceStatus
DeleteService
StartServiceCtrlDispatcherW
CreateServiceW
RegisterServiceCtrlHandlerW
SetServiceStatus
OpenSCManagerW
OpenServiceW
CloseServiceHandle
StartServiceW
DuplicateTokenEx
CreateProcessAsUserW
OpenThreadToken
OpenProcessToken
GetTokenInformation
LookupAccountSidW
RegOpenKeyExW
RegQueryValueExW
RegSetValueExW
RegQueryInfoKeyW
RegEnumKeyExW
RevertToSelf
RegEnumKeyW
RegCloseKey

wsock32

WSAStartup
closesocket
send
WSAGetLastError
recv
connect
htons
gethostbyname
ioctlsocket
socket
__WSAFDIsSet
select
inet_ntoa
WSASetLastError
setsockopt
WSACleanup

mpr

WNetGetUserW

ole32

CoCreateInstance
CoUninitialize
CoInitialize

oleaut32

VariantClear
SysAllocString
SysFreeString

Sections

.text
Size: 392KB - Virtual size: 388KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 60KB - Virtual size: 59KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 44KB - Virtual size: 53KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 36KB - Virtual size: 33KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.nrdata
Size: 80KB - Virtual size: 80KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

cfdbd93c8b72eadaaf9919df867237b7

Headers

File Characteristics

Imports

netapi32

kernel32

user32

advapi32

wsock32

mpr

ole32

oleaut32

Sections

.text Size: 392KB - Virtual size: 388KB

.rdata Size: 60KB - Virtual size: 59KB

.data Size: 44KB - Virtual size: 53KB

.rsrc Size: 36KB - Virtual size: 33KB

.nrdata Size: 80KB - Virtual size: 80KB

.text
Size: 392KB - Virtual size: 388KB

.rdata
Size: 60KB - Virtual size: 59KB

.data
Size: 44KB - Virtual size: 53KB

.rsrc
Size: 36KB - Virtual size: 33KB

.nrdata
Size: 80KB - Virtual size: 80KB