b276161602f65241829252fc27f1b8b2_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

b276161602f65241829252fc27f1b8b2_JaffaCakes118
Size

412KB
MD5

b276161602f65241829252fc27f1b8b2
SHA1

451e7662bd6291c8fc07ca47ad3882493716b520
SHA256

98b12adbf5fe215ca22aad1d22f910a35e476cb7d7be70305e8b82d1c3bf9c51
SHA512

a427367b2f1bbc8a03910b24c62a55f4c711c7d1ae535f15d62849a153bec2fe367fc10c70f73d9b2da743fb08a68e53cd701543ef92990459f466388406e1b2
SSDEEP

12288:IRHkLNkvwC6L3sQCjwemN2fmwJLd69TjZE:Juo8VPmNq9L8lK

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
b276161602f65241829252fc27f1b8b2_JaffaCakes118

Files

b276161602f65241829252fc27f1b8b2_JaffaCakes118
.exe windows:4 windows x86 arch:x86

a8fcb937b4b19dae6b020f7087d5cc86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

WaitForSingleObject
ReadFile
CreatePipe
GetCurrentProcess
DuplicateHandle
LoadLibraryA
GetProcAddress
SetEvent
GetCurrentThread
GetComputerNameA
CloseHandle
MultiByteToWideChar
LocalFree
GetVersionExA
OutputDebugStringA
LoadLibraryW
GetVersion
GetFileAttributesW
GetModuleHandleW
GetModuleHandleA
FormatMessageW
GetSystemWindowsDirectoryW
WriteFile
GetStringTypeW
GetStringTypeA
LCMapStringW
LCMapStringA
GetSystemTimeAsFileTime
GetCurrentProcessId
GetCurrentThreadId
QueryPerformanceCounter
HeapSize
GetCPInfo
GetOEMCP
GetACP
GetFileType
SetHandleCount
GetEnvironmentStringsW
GetLastError
WideCharToMultiByte
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
GetModuleFileNameA
GetStdHandle
GetSystemInfo
CreateThread
InterlockedExchange
FindClose
FindFirstFileA
FindNextFileA
GetFileInformationByHandle
CreateFileW
HeapDestroy
lstrcmpiA
TerminateProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
InterlockedDecrement
InterlockedIncrement
Sleep
GlobalLock
GlobalUnlock
GlobalFree
VirtualFree
LocalAlloc
GetTickCount
GetCommandLineA
GetLocaleInfoA
VirtualProtect
ExitProcess
VirtualQuery
HeapReAlloc
VirtualAlloc
HeapCreate
GetStartupInfoA
RtlUnwind
HeapFree
HeapAlloc

user32

CharNextA
CharPrevA
WinHelpW
LoadStringW
MessageBoxW
GetFocus
SetTimer
MessageBeep
ShowWindow
GetParent
SetWindowTextW
IsDlgButtonChecked
SetDlgItemTextW
GetDlgItemTextW
GetDlgItem
EnableWindow
EndDialog
GetWindowLongW
SetWindowLongW
DialogBoxParamW
SendMessageW
SendDlgItemMessageW
KillTimer

advapi32

OpenThreadToken
RegOpenKeyW
RegOpenKeyA
RegCreateKeyExW
RegSetValueExW
RegCloseKey
RegOpenKeyExA
ImpersonateLoggedOnUser
RevertToSelf
CreateProcessAsUserA
RegCreateKeyExA
SetServiceStatus
EqualSid
GetTokenInformation
AccessCheckAndAuditAlarmW
AccessCheck
LookupPrivilegeValueA
OpenProcessToken
LogonUserA
GetKernelObjectSecurity
RegDeleteKeyA

gdi32

DeleteObject

ole32

CoCreateInstance
StringFromGUID2
CoTaskMemAlloc
CoInitialize
CreateStreamOnHGlobal
CoUninitialize

rpcrt4

RpcServerUseProtseqEpW
RpcRevertToSelf
RpcImpersonateClient

Sections

.text
Size: 392KB - Virtual size: 391KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 8KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 307KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

a8fcb937b4b19dae6b020f7087d5cc86

Headers

File Characteristics

Imports

kernel32

user32

advapi32

gdi32

ole32

rpcrt4

Sections

.text Size: 392KB - Virtual size: 391KB

.rdata Size: 8KB - Virtual size: 6KB

.data Size: 4KB - Virtual size: 307KB

.rsrc Size: 4KB - Virtual size: 1KB

.text
Size: 392KB - Virtual size: 391KB

.rdata
Size: 8KB - Virtual size: 6KB

.data
Size: 4KB - Virtual size: 307KB

.rsrc
Size: 4KB - Virtual size: 1KB