Static task: static1
Behavioral task: behavioral1
Sample: a0e3b84cd8ad0898b786f5ea86f1da15_JaffaCakes118.exe
Resource: win7-20240704-en
Behavioral task: behavioral2
Sample: a0e3b84cd8ad0898b786f5ea86f1da15_JaffaCakes118.exe
Resource: win10v2004-20240802-en
General
Target: a0e3b84cd8ad0898b786f5ea86f1da15_JaffaCakes118
Size: 95KB
MD5: a0e3b84cd8ad0898b786f5ea86f1da15
SHA1: e21b84421c9dcd6a495081ce462e713872938d27
SHA256: b08bc7e7e4928d31481135749e97e3926f5c39f2eb6ad2740456e440958a3eb2
SHA512: 9db775f0016c7418cad5f1eba8f0880e08a519128fe4f840754510da3cfc77a4905f96ead745782cb801abc2a2b4ee19074ab58a84de4a688b55f66b3fcd8a32
SSDEEP: 1536:ZSjZxzon2EV8ZxPDFEYZjjUMl2g830yUzrtjfSAcIVmYDrZbDuIIgLpglGXMrF3/:QjZ9iVaxbFtjj7l8khtjSVYDMxhHrFac
Malware Config
Signatures
- Unsigned PE (1 IoC): Checks for missing Authenticode signature.
  resource: a0e3b84cd8ad0898b786f5ea86f1da15_JaffaCakes118
Files
-
a0e3b84cd8ad0898b786f5ea86f1da15_JaffaCakes118.exe windows:1 windows x86 arch:x86
08606372f647905df80c37d63d0c14fe
Headers
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
Imports
shell32
ShellExecuteW
kernel32
CreateFileMappingA
EnumSystemLocalesW
DeleteFileW
CloseHandle
VirtualAlloc
CreateSemaphoreA
DuplicateHandle
WriteFile
lstrlenA
lstrcatA
GetLocaleInfoA
OpenProcess
GetCurrentProcess
WaitForDebugEvent
VirtualFree
GetModuleFileNameA
InitializeCriticalSection
HeapCompact
GetSystemDefaultLCID
lstrcpyW
FindClose
DeleteFileA
CreateFileW
MapViewOfFileEx
Thread32Next
FindNextFileA
FindFirstFileA
ReadFile
GetFileSizeEx
LeaveCriticalSection
GetStartupInfoA
GetWindowsDirectoryA
CreateToolhelp32Snapshot
GetTickCount
GetConsoleKeyboardLayoutNameA
VerifyVersionInfoW
ReadConsoleOutputW
GetProcessPriorityBoost
_hwrite
GetSystemDirectoryA
EnterCriticalSection
GetNlsSectionName
RegisterWaitForSingleObjectEx
lstrcpyA
CopyFileA
OpenMutexW
GetNamedPipeHandleStateW
GetProcAddress
CreateFileA
lstrcatW
GetSystemDirectoryW
GetLastError
HeapUnlock
GetModuleHandleA
Sleep
advapi32
LookupPrivilegeValueA
OpenSCManagerA
OpenServiceW
RegCreateKeyA
EnumServicesStatusA
LsaSetQuotasForAccount
RegCloseKey
GetTrusteeTypeW
CloseServiceHandle
OpenProcessToken
RegQueryValueExA
TrusteeAccessToObjectW
AdjustTokenPrivileges
DeleteAce
RegOpenKeyA
RegSetValueExA
ntdll
strncmp
memset
sprintf
ZwLoadDriver
vsprintf
RtlInitAnsiString
tolower
_chkstk
memcpy
strlen
isspace
RtlAnsiStringToUnicodeString
NtQuerySystemInformation
wcsstr
strstr
NtQueryObject
isdigit
RtlFreeUnicodeString
psapi
GetProcessImageFileNameA
EnumProcesses
ws2_32
getsockopt
WSASetEvent
connect
htonl
closesocket
ntohs
select
send
socket
WSALookupServiceBeginA
htons
gethostbyname
__WSAFDIsSet
WSAStartup
recv
WSAConnect
ole32
CoCreateGuid
user32
CharLowerW
ExitWindowsEx
WINNLSEnableIME
Sections
.data Size: 21KB - Virtual size: 21KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.text Size: 512B - Virtual size: 407B
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.idata Size: 3KB - Virtual size: 2KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ