Static task: static1
Behavioral task: behavioral1
Sample: a8a6ac2963f1f9410ee7238059a0b084_JaffaCakes118.exe
Resource: win7-20240708-en
Behavioral task: behavioral2
Sample: a8a6ac2963f1f9410ee7238059a0b084_JaffaCakes118.exe
Resource: win10v2004-20240802-en
General
Target: a8a6ac2963f1f9410ee7238059a0b084_JaffaCakes118
Size: 10KB
MD5: a8a6ac2963f1f9410ee7238059a0b084
SHA1: 59118f40d99fff72ed260e96c311055e1e8e0f48
SHA256: 645529b2b6c2015f432f4eb9032cd24cda74ec8a999c6cbbf5115d1eebbb9918
SHA512: c3663f274c3c915a0818b68cfc9df307e5dd5316a0c5141ab33e58f44af91d28782106e9aada771af18eb04516b0089a71e707e6f229863d3e35f7b5b2bedae6
SSDEEP: 192:0z50y5GPG79g5oVvnliQ4nC+YOGMZFPmoyiG9C:SAPH8vnp4C+YOGmxmN9C
Malware Config
Signatures
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource a8a6ac2963f1f9410ee7238059a0b084_JaffaCakes118
Files
a8a6ac2963f1f9410ee7238059a0b084_JaffaCakes118.exe windows:4 windows x86 arch:x86
9dcfd950f7e2401684bfb3463868f579
Headers
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
Imports
kernel32
SetThreadPriority
GetCurrentThread
SetPriorityClass
GetCurrentProcess
lstrcatW
lstrcpyW
GetEnvironmentVariableW
GetShortPathNameW
GetModuleFileNameW
Sleep
OpenProcess
lstrcmpW
WaitForSingleObject
HeapFree
HeapAlloc
GetProcessHeap
GetLastError
SetProcessPriorityBoost
WinExec
WideCharToMultiByte
lstrlenW
SetFilePointer
CopyFileW
FindClose
FindFirstFileW
CreateDirectoryW
MultiByteToWideChar
lstrlenA
lstrcmpiA
FreeLibrary
GetProcAddress
LoadLibraryW
GetModuleHandleW
FindResourceW
SizeofResource
LoadResource
GlobalAlloc
LockResource
GetStartupInfoW
CreateFileW
WriteFile
GlobalFree
GetVersionExW
CreateToolhelp32Snapshot
Process32FirstW
lstrcmpiW
Process32NextW
CreateEventW
CloseHandle
netapi32
NetUserGetInfo
NetApiBufferFree
msvcrt
__p__commode
__p__fmode
__set_app_type
_controlfp
memset
memcpy
_wcsupr
sprintf
swprintf
_exit
_XcptFilter
exit
_wcmdln
__wgetmainargs
_initterm
__setusermatherr
_adjust_fdiv
_except_handler3
user32
SetProcessWindowStation
OpenWindowStationW
OpenDesktopW
GetProcessWindowStation
CloseDesktop
EndDialog
GetWindowThreadProcessId
PostMessageW
SetUserObjectSecurity
GetUserObjectSecurity
EnumWindows
CloseWindowStation
userenv
CreateEnvironmentBlock
DestroyEnvironmentBlock
advapi32
OpenProcessToken
SetSecurityDescriptorDacl
CopySid
AddAce
GetAce
InitializeAcl
GetLengthSid
GetAclInformation
GetSecurityDescriptorDacl
InitializeSecurityDescriptor
AddAccessAllowedAce
GetTokenInformation
GetUserNameW
CreateProcessAsUserW
shell32
SHChangeNotify
ShellExecuteExW
SHGetSpecialFolderPathW
Sections
.text Size: 5KB - Virtual size: 5KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 3KB - Virtual size: 2KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 1024B - Virtual size: 816B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 48KB - Virtual size: 48KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ