af48557c272cb261b6be3b68a73390c6_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

af48557c272cb261b6be3b68a73390c6_JaffaCakes118
Size

157KB
MD5

af48557c272cb261b6be3b68a73390c6
SHA1

a115ed0e0f8e898780b3b912b3704f289bc8831e
SHA256

5fa36867ff57c7dbbf4e10667a0978f2b1e6a254dbc2199a3a8f7a14fbbb8dba
SHA512

2c6b7bdb18d8ee5b3ea7728ca11bafd81f92bcce1b4ea0a2f509572b991b0552b88283592bc9ec1fd487a3c0f140e93ec19d9d3298c7581f2c38f82dd673b912
SSDEEP

3072:Y2SVGivBitDR2/8+c8+EFpcv3uKi/U/SJ:dipAF2/G8+Ups3LiM/SJ

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
af48557c272cb261b6be3b68a73390c6_JaffaCakes118

Files

af48557c272cb261b6be3b68a73390c6_JaffaCakes118
.exe windows:1 windows x86 arch:x86

7152bb7b9ff51622d6e899d488aa1a09

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

shell32

ShellExecuteW

kernel32

GetCurrentProcess
GetLastError
SetTimerQueueTimer
CreateFileW
GetModuleHandleA
GetLocaleInfoA
LeaveCriticalSection
CloseHandle
FindNextFileA
OpenProcess
GetModuleFileNameA
FindClose
lstrlenA
WriteFile
GetTickCount
CopyFileA
GlobalUnWire
PurgeComm
PulseEvent
VirtualAlloc
ReadFile
GetSystemDirectoryW
SetCalendarInfoW
GetSystemDefaultLCID
InitializeCriticalSection
GetSystemDirectoryA
DeleteFileW
GetFileSizeEx
GetProcAddress
IsProcessInJob
CompareFileTime
SetThreadUILanguage
GetConsoleCommandHistoryA
GetFileType
GlobalFlags
SetThreadAffinityMask
lstrlen
lstrcpyA
CopyLZFile
lstrcpyW
FindFirstFileA
CreateSemaphoreA
GetLongPathNameW
EnterCriticalSection
WriteConsoleInputA
VirtualFree
lstrcatA
DeleteFileA
GlobalWire
QueryDepthSList
lstrcatW
GetWindowsDirectoryA
DuplicateHandle
CreateFileA
Sleep

advapi32

SetPrivateObjectSecurityEx
RegQueryValueExA
RegCreateKeyA
RegOpenKeyA
SaferGetPolicyInformation
RegSetValueExA
EnumServicesStatusA
GetNamedSecurityInfoExA
LookupPrivilegeValueA
OpenSCManagerA
CredProfileLoaded
AdjustTokenPrivileges
FreeInheritedFromArray
OpenProcessToken
CloseServiceHandle
RegCloseKey

ntdll

isspace
NtQueryObject
NtQuerySystemInformation
isdigit
strncmp
strstr
ZwLoadDriver
wcsstr
memset
vsprintf
tolower
_chkstk
sprintf
RtlInitAnsiString
RtlFreeUnicodeString
strlen
RtlAnsiStringToUnicodeString
memcpy

psapi

GetProcessImageFileNameA
EnumProcesses

ws2_32

WSAStartup
htons
connect
closesocket
WSAHtons
__WSAFDIsSet
WSAProviderConfigChange
gethostbyname
WSACleanup
socket
WSASetLastError
send
htonl
select
connect
recv

ole32

CoCreateGuid

user32

CharLowerW
ExitWindowsEx
MsgWaitForMultipleObjectsEx

Sections

.data
Size: 21KB - Virtual size: 21KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.text
Size: 512B - Virtual size: 413B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.idata
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

7152bb7b9ff51622d6e899d488aa1a09

Headers

File Characteristics

Imports

shell32

kernel32

advapi32

ntdll

psapi

ws2_32

ole32

user32

Sections

.data Size: 21KB - Virtual size: 21KB

.text Size: 512B - Virtual size: 413B

.idata Size: 3KB - Virtual size: 2KB

.data
Size: 21KB - Virtual size: 21KB

.text
Size: 512B - Virtual size: 413B

.idata
Size: 3KB - Virtual size: 2KB