b831f4f641c3cfbdd1d7494c3ddee2a2_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

b831f4f641c3cfbdd1d7494c3ddee2a2_JaffaCakes118
Size

288KB
MD5

b831f4f641c3cfbdd1d7494c3ddee2a2
SHA1

e309976931efeb2054bfae47aee86825c03038ad
SHA256

b268131847dec73dcb46ca17500b6e0e62c3c59f6843eebba0d29c4534359dd1
SHA512

5a6b810cc9291f087c3bd6a789ee82a192845f0c3e0625dff4c5071af556cf62f0e92a5b52ca51ccde99165ef7c42e94c42403b3b1d31f282223368f6a50c037
SSDEEP

6144:kNETIo3qOTPLG8Je25uXzsoBsPnc2rK/NxsnxfFGG3t+qY+8bSSV:k0qOPG8r5uDxsPc2rQIDFYDHV

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
b831f4f641c3cfbdd1d7494c3ddee2a2_JaffaCakes118

Files

b831f4f641c3cfbdd1d7494c3ddee2a2_JaffaCakes118
.exe windows:4 windows x86 arch:x86

62297b8951368442c2c138fdbfe56c6d

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetCurrentThreadId
WaitForMultipleObjects
LocalFree
LocalAlloc
SetEvent
CreateEventW
InitializeCriticalSection
GetFileAttributesW
GetCurrentProcess
MoveFileW
SetErrorMode
WaitForSingleObject
GetSystemInfo
QueryPerformanceFrequency
GetModuleHandleW
GetTickCount
GetModuleFileNameW
OpenEventW
Sleep
LoadLibraryW
FreeLibrary
GetLastError
GetVersionExW
GetCurrentProcessId
QueryPerformanceCounter
IsDebuggerPresent
SetUnhandledExceptionFilter
RaiseException
LoadLibraryA
CreateMutexA
GetProcAddress

advapi32

SetThreadToken
ImpersonateLoggedOnUser
RevertToSelf
QueryServiceConfigW
CreateServiceW
ChangeServiceConfigW
DeleteService
OpenSCManagerW
OpenServiceW
QueryServiceStatus
StartServiceW
ControlService
CloseServiceHandle
OpenProcessToken
LookupPrivilegeValueW
AdjustTokenPrivileges
SetServiceStatus
RegOpenKeyExW
RegQueryValueExW
RegSetValueExW
RegCloseKey
DuplicateTokenEx

dhcpsapi

DhcpAddServer
DhcpAuditLogSetParams
DhcpRemoveOptionV5
DhcpEnumOptionValuesV5
DhcpServerQueryAttribute
DhcpSetOptionInfoV5
DhcpEnumSubnetClients
DhcpGetClassInfo
DhcpSetMScopeInfo
DhcpSetSuperScopeV4

msimtf

DllGetClassObject

Sections

CODE
Size: 9KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.text
Size: 15KB - Virtual size: 15KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.y
Size: 3KB - Virtual size: 183KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.FiDk
Size: 2KB - Virtual size: 236KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 2KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.jmiw
Size: 512B - Virtual size: 30KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.edata
Size: 82KB - Virtual size: 135KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.lP
Size: 3KB - Virtual size: 527KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 6KB - Virtual size: 76KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.edata
Size: 136KB - Virtual size: 138KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.hyG
Size: 3KB - Virtual size: 443KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 22KB - Virtual size: 21KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

62297b8951368442c2c138fdbfe56c6d

Headers

File Characteristics

Imports

kernel32

advapi32

dhcpsapi

msimtf

Sections

CODE Size: 9KB - Virtual size: 9KB

.text Size: 15KB - Virtual size: 15KB

.y Size: 3KB - Virtual size: 183KB

.FiDk Size: 2KB - Virtual size: 236KB

.rdata Size: 2KB - Virtual size: 4KB

.jmiw Size: 512B - Virtual size: 30KB

.edata Size: 82KB - Virtual size: 135KB

.lP Size: 3KB - Virtual size: 527KB

.data Size: 6KB - Virtual size: 76KB

.edata Size: 136KB - Virtual size: 138KB

.hyG Size: 3KB - Virtual size: 443KB

.rsrc Size: 22KB - Virtual size: 21KB

CODE
Size: 9KB - Virtual size: 9KB

.text
Size: 15KB - Virtual size: 15KB

.y
Size: 3KB - Virtual size: 183KB

.FiDk
Size: 2KB - Virtual size: 236KB

.rdata
Size: 2KB - Virtual size: 4KB

.jmiw
Size: 512B - Virtual size: 30KB

.edata
Size: 82KB - Virtual size: 135KB

.lP
Size: 3KB - Virtual size: 527KB

.data
Size: 6KB - Virtual size: 76KB

.edata
Size: 136KB - Virtual size: 138KB

.hyG
Size: 3KB - Virtual size: 443KB

.rsrc
Size: 22KB - Virtual size: 21KB