b23b4dc6580dd7277b4227c6a0d8b7e2_JaffaCakes118

General

Target

b23b4dc6580dd7277b4227c6a0d8b7e2_JaffaCakes118
Size

23KB
MD5

b23b4dc6580dd7277b4227c6a0d8b7e2
SHA1

1d3b03e17d329b017e6c64f64184630a9544535c
SHA256

c46399c9befad504f24dc83c577238b2c4a97d278fbe8ed20cfb9e4c6756d161
SHA512

e122d01afa41b7bbe24c5456ce32a27f2294856c573c7c0cbd0dbe25dec41d28eaa9f30fd82fcc444fd8e85e6979d89146c7e60d75e6ba952449f280acc58d9e
SSDEEP

384:4ocUOxv0ISW3NbT5cdRU5JPAxX95tu3tnTEUOERn+WOx3GW:7cUOqISaB5ckHAxNItTEixU

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
b23b4dc6580dd7277b4227c6a0d8b7e2_JaffaCakes118

Files

b23b4dc6580dd7277b4227c6a0d8b7e2_JaffaCakes118
.exe windows:5 windows x86 arch:x86

c61593208071920e320445e9224deeff

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

advapi32

InitializeAcl
EqualSid
GetLengthSid
AddAccessAllowedAce
LookupPrivilegeNameW
RegQueryValueExW
MapGenericMask
RegOpenKeyW
AllocateAndInitializeSid
GetTokenInformation
IsValidSid
StartServiceW
LookupAccountNameW
RegCloseKey
OpenServiceW
IsValidSecurityDescriptor
RegOpenKeyExW
RegDeleteKeyW
GetKernelObjectSecurity
AdjustTokenPrivileges
LookupPrivilegeValueW

kernel32

GetModuleHandleW
GetSystemTimeAsFileTime
GetCurrentProcessId
GetTickCount
GetCurrentThreadId
LocalFree
ExitVDM
CreateDirectoryA
SetConsoleTitleW
WaitForMultipleObjects
SetVDMCurrentDirectories
FreeResource
SetConsoleActiveScreenBuffer
GlobalFindAtomA
ContinueDebugEvent
HeapAlloc
FindNextFileA
VerLanguageNameW
HeapValidate
SetEvent
SetErrorMode
GetConsoleMode
CreatePipe
GetPrivateProfileStringA

ntdll

ZwAllocateLocallyUniqueId
NtRequestWakeupLatency
toupper
RtlSelfRelativeToAbsoluteSD
_aullshr
ZwInitializeRegistry
RtlSetSecurityObjectEx
NtQuerySection
ZwUnloadKey
RtlSystemTimeToLocalTime
CsrAllocateCaptureBuffer
NtCreatePort
ZwSetSystemTime
ZwQueryMutant
NtFreeUserPhysicalPages
CsrClientConnectToServer
ZwCreateEventPair
RtlEqualSid

Sections

.text
Size: 19KB - Virtual size: 18KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 968B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

c61593208071920e320445e9224deeff

Headers

DLL Characteristics

File Characteristics

Imports

advapi32

kernel32

ntdll

Sections

.text Size: 19KB - Virtual size: 18KB

.data Size: 2KB - Virtual size: 9KB

.rsrc Size: 1024B - Virtual size: 968B

.text
Size: 19KB - Virtual size: 18KB

.data
Size: 2KB - Virtual size: 9KB

.rsrc
Size: 1024B - Virtual size: 968B