a361b55ed30855e5edf917bb87f271d8_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

a361b55ed30855e5edf917bb87f271d8_JaffaCakes118
Size

490KB
MD5

a361b55ed30855e5edf917bb87f271d8
SHA1

2bef4aa94eacbb02714a7fec09901001e63f121a
SHA256

3a42c8d43ab60892453b19ab7ae1b92641691b0bae56178f0af97061cecec7ef
SHA512

eb93e149ddf8a08ae18e4cf6bb1041b849de51c552beffbaf68d579615c1c22e35ee07c1a95268e07bb3270e48661635783e90bfa065ae824221e63e691d60bf
SSDEEP

12288:6FT9xsp60Ojt0lA5V2B4zEFQ15HA7S9dwZGI:6FT9xss0OjE3m1kS9+ZG

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
a361b55ed30855e5edf917bb87f271d8_JaffaCakes118

Files

a361b55ed30855e5edf917bb87f271d8_JaffaCakes118
.exe windows:5 windows x86 arch:x86

e0d375919b6dc807a3306cfede605ded

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

psapi

GetModuleFileNameExA

kernel32

GetProcessHeap
Sleep
GetFileAttributesA
GetModuleHandleA
DeleteFileA
WriteFile
lstrcpyA
lstrlenA
WaitForSingleObject
SleepEx
OpenProcess
GetExitCodeProcess
CreateProcessA
TerminateProcess
CreateDirectoryA
lstrcmpiA
GetModuleFileNameA
GetFileSize
SetFilePointer
ReadFile
LoadLibraryExA
GetComputerNameA
GetVolumeInformationA
LocalFree
GetLocalTime
GetVersionExA
MoveFileExA
lstrcatA
GetFullPathNameA
DosDateTimeToFileTime
HeapFree
GetFileTime
LocalFileTimeToFileTime
GetCurrentProcess
GetSystemTimeAsFileTime
GetCurrentProcessId
IsValidCodePage
GetOEMCP
GetACP
GetLocaleInfoA
GetStringTypeW
GetStringTypeA
HeapSize
FlushFileBuffers
GetTickCount
QueryPerformanceCounter
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
OpenMutexA
HeapAlloc
CreateFileA
OpenFileMappingA
CloseHandle
CreateToolhelp32Snapshot
CreateFileMappingA
Process32Next
LoadLibraryA
GetProcAddress
GetLastError
WideCharToMultiByte
ExpandEnvironmentStringsA
Process32First
InterlockedDecrement
GetCPInfo
FreeLibrary
lstrcpynA
MapViewOfFile
LCMapStringA
SetFileTime
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
SetEndOfFile
SetStdHandle
InitializeCriticalSectionAndSpinCount
GetCurrentThreadId
SetLastError
InterlockedIncrement
TlsFree
TlsSetValue
TlsAlloc
GetStdHandle
SetHandleCount
VirtualAlloc
DeleteCriticalSection
VirtualFree
HeapCreate
MultiByteToWideChar
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
HeapReAlloc
EnterCriticalSection
LeaveCriticalSection
GetModuleHandleW
ExitProcess
GetFileType
GetConsoleCP
GetConsoleMode
GetCommandLineA
GetStartupInfoA
RaiseException
RtlUnwind
TlsGetValue
LCMapStringW

user32

FindWindowA
IsWindow
SendMessageA
EndPaint
GetMessageA
GetClassNameA
RegisterClassExA
GetWindowThreadProcessId
LoadStringA
BeginPaint
TranslateMessage
CreateWindowExA
TranslateAcceleratorA
PostQuitMessage
DefWindowProcA
LoadAcceleratorsA
ShowWindow
DispatchMessageA
IsWindowVisible
UpdateWindow
EnumWindows

advapi32

ConvertSidToStringSidA
LookupAccountNameA
RegDeleteKeyA
RegSetValueExA
RegEnumKeyA
RegDeleteValueA
RegQueryInfoKeyA
RegCreateKeyA
RegCloseKey
RegOpenKeyA
RegOpenKeyExA
RegQueryValueExA
OpenSCManagerA
QueryServiceStatus
CloseServiceHandle
OpenServiceA

shell32

SHGetFolderPathA

oleaut32

VariantClear

shlwapi

PathFileExistsA
StrStrIA
wnsprintfA
StrToIntA
StrChrA
SHDeleteKeyA
StrNCatA

Sections

.text
Size: 126KB - Virtual size: 126KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 28KB - Virtual size: 28KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 15KB - Virtual size: 25KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.cdata
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 306KB - Virtual size: 305KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 10KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

e0d375919b6dc807a3306cfede605ded

Headers

DLL Characteristics

File Characteristics

Imports

psapi

kernel32

user32

advapi32

shell32

oleaut32

shlwapi

Sections

.text Size: 126KB - Virtual size: 126KB

.rdata Size: 28KB - Virtual size: 28KB

.data Size: 15KB - Virtual size: 25KB

.cdata Size: 2KB - Virtual size: 2KB

.rsrc Size: 306KB - Virtual size: 305KB

.reloc Size: 10KB - Virtual size: 10KB

.text
Size: 126KB - Virtual size: 126KB

.rdata
Size: 28KB - Virtual size: 28KB

.data
Size: 15KB - Virtual size: 25KB

.cdata
Size: 2KB - Virtual size: 2KB

.rsrc
Size: 306KB - Virtual size: 305KB

.reloc
Size: 10KB - Virtual size: 10KB