a0807b58bc92223a3c2b3670c834a1c9_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

a0807b58bc92223a3c2b3670c834a1c9_JaffaCakes118
Size

742KB
MD5

a0807b58bc92223a3c2b3670c834a1c9
SHA1

3c0f65389344298d0aea0b1a23e9ed68779a5840
SHA256

7ecd0f73a2b023c1ef6a655548f586024735d11627f4bc46293e35ecdaa0f47b
SHA512

c69ade1776a66db37413e79994ea9158854bd492974e284cd6ee7cc7fd1229ac89eddc485b64d6aa9788de6cfe62d19d21893aa3f48dd5b5958d8e2478f5082c
SSDEEP

12288:2ovh4G/rzFPcvAUZVZXolfVHKHoYzZqmIX/mAM97sO5ugRW5fT2VhSMXlpfb1Oy:0G/r+vAUZVV2fVqHoY1qxZe7hU5fT2VB

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
a0807b58bc92223a3c2b3670c834a1c9_JaffaCakes118

Files

a0807b58bc92223a3c2b3670c834a1c9_JaffaCakes118
.exe windows:6 windows x86 arch:x86

629cd09a2c8715febd8274f5e53537be

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

peview.pdb

Imports

ntdll

NtOpenSymbolicLinkObject
NtEnumerateKey
NtOpenKey
RtlConvertSidToUnicodeString
NtQuerySymbolicLinkObject
NtSetEaFile
NtCreateNamedPipeFile
NtSetInformationThread
NtSetSecurityObject
NtQueryEaFile
NtQueryAttributesFile
RtlDetermineDosPathNameType_U
NtQuerySecurityObject
NtOpenFile
NtQueryValueKey
NtQueryFullAttributesFile
NtCreateSemaphore
NtReleaseSemaphore
NtReleaseKeyedEvent
NtWaitForKeyedEvent
NtCreateKeyedEvent
RtlLengthSecurityDescriptor
RtlSetOwnerSecurityDescriptor
RtlGetControlSecurityDescriptor
RtlValidRelativeSecurityDescriptor
RtlMapGenericMask
RtlGetSaclSecurityDescriptor
RtlGetOwnerSecurityDescriptor
RtlGetGroupSecurityDescriptor
RtlValidSecurityDescriptor
RtlAbsoluteToSelfRelativeSD
RtlSetControlSecurityDescriptor
RtlSetGroupSecurityDescriptor
NtCreateEvent
NtSetEvent
NtDeviceIoControlFile
NtTestAlert
RtlEqualSid
RtlNtStatusToDosErrorNoTeb
NtTerminateThread
NtClearEvent
NtQueryObject
NtOpenProcessToken
RtlCreateHeap
RtlSetHeapInformation
RtlGetVersion
NtQuerySystemInformation
LdrAccessResource
RtlExpandEnvironmentStrings_U
RtlGetDaclSecurityDescriptor
NtWaitForSingleObject
RtlCreateSecurityDescriptor
RtlLeaveCriticalSection
RtlCreateAcl
RtlUnwind
RtlStringFromGUID
RtlFindMessage
RtlEnterCriticalSection
RtlAddAccessAllowedAce
RtlLengthSid
NtQueryInformationToken
NtReadFile
LdrFindResource_U
NtSetInformationToken
RtlFreeUnicodeString
NtQueryInformationProcess
RtlDosPathNameToNtPathName_U_WithStatus
RtlTimeToTimeFields
RtlSetDaclSecurityDescriptor
RtlSubAuthoritySid
RtlInitializeSid
NtCreateDirectoryObject
RtlGetFullPathName_U
RtlCreateTimerQueue
RtlInterlockedPopEntrySList
RtlFreeHeap
RtlCreateUserThread
RtlMultiByteToUnicodeSize
RtlMultiByteToUnicodeN
RtlReAllocateHeap
RtlUpcaseUnicodeChar
RtlAllocateHeap
RtlInitializeSListHead
RtlInterlockedPushEntrySList
NtMapViewOfSection
NtUnmapViewOfSection
NtReadVirtualMemory
NtCreateSection
RtlLcidToLocaleName
NtWriteFile
RtlComputeImportTableHash
RtlDeleteTimer
RtlCreateTimer
RtlUpdateTimer
NtCreateMutant
RtlSecondsSince1970ToTime
RtlExitUserProcess
NtCreateFile
NtQueryInformationFile
NtFsControlFile
NtClose
RtlNtStatusToDosError
RtlRaiseStatus

kernel32

DecodePointer
CloseHandle
CreateFileW
FlushFileBuffers
GetProcessHeap
GetCommandLineW
GetCommandLineA
FindNextFileW
FindFirstFileExW
FindClose
GetFileSizeEx
WideCharToMultiByte
SetFilePointerEx
SetStdHandle
HeapReAlloc
LCMapStringW
EnumSystemLocalesW
GetUserDefaultLCID
IsValidLocale
GetOEMCP
GetACP
IsValidCodePage
MultiByteToWideChar
GetCPInfo
GetFileType
HeapAlloc
HeapFree
GetStringTypeW
GetModuleHandleExW
ExitProcess
GetModuleFileNameW
GetStdHandle
GetConsoleOutputCP
WriteFile
GetConsoleMode
TlsFree
InitializeCriticalSectionAndSpinCount
DeleteCriticalSection
LeaveCriticalSection
EnterCriticalSection
GetStartupInfoW
IsDebuggerPresent
InitializeSListHead
GetSystemTimeAsFileTime
GetCurrentThreadId
GetCurrentProcessId
QueryPerformanceCounter
IsProcessorFeaturePresent
TerminateProcess
GetCurrentProcess
SetUnhandledExceptionFilter
UnhandledExceptionFilter
LoadLibraryExA
GetProcAddress
GetModuleHandleW
VirtualQuery
VirtualProtect
GetSystemInfo
RaiseException
LocalAlloc
LoadLibraryExW
GetDateFormatW
CreateProcessW
GetTimeFormatW
LocalFree
GetLocaleInfoW
SearchPathW
GlobalUnlock
GlobalLock
GlobalFree
GlobalAlloc
GetLastError
SetLastError
TlsGetValue
TlsAlloc
TlsSetValue
FreeLibrary
LoadLibraryW
HeapSize
WriteConsoleW

Sections

.text
Size: 443KB - Virtual size: 443KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 197KB - Virtual size: 197KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.didat
Size: 1024B - Virtual size: 1024B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 59KB - Virtual size: 59KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 25KB - Virtual size: 25KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

629cd09a2c8715febd8274f5e53537be

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

ntdll

kernel32

Sections

.text Size: 443KB - Virtual size: 443KB

.rdata Size: 197KB - Virtual size: 197KB

.data Size: 12KB - Virtual size: 17KB

.didat Size: 1024B - Virtual size: 1024B

.rsrc Size: 59KB - Virtual size: 59KB

.reloc Size: 25KB - Virtual size: 25KB

.data Size: 3KB - Virtual size: 3KB

.text
Size: 443KB - Virtual size: 443KB

.rdata
Size: 197KB - Virtual size: 197KB

.data
Size: 12KB - Virtual size: 17KB

.didat
Size: 1024B - Virtual size: 1024B

.rsrc
Size: 59KB - Virtual size: 59KB

.reloc
Size: 25KB - Virtual size: 25KB

.data
Size: 3KB - Virtual size: 3KB