Static task: static1
Behavioral task: behavioral1
Sample: be244298bc1f682145c2cd4c68b1d9a7_JaffaCakes118.exe
Resource: win7-20240729-en
Behavioral task: behavioral2
Sample: be244298bc1f682145c2cd4c68b1d9a7_JaffaCakes118.exe
Resource: win10v2004-20240802-en
General
Target: be244298bc1f682145c2cd4c68b1d9a7_JaffaCakes118
Size: 160KB
MD5: be244298bc1f682145c2cd4c68b1d9a7
SHA1: 5cf41f3fbd7cab7e61841c754a7e7b90e8643481
SHA256: b5f5c6e12be59a8543cc29c3486a7cb72be764cc317d91a825f9d9abe3c8c706
SHA512: 167cb789fb4f4d99830839a3ccd889a5289eb95141d97c1c8c1cad07c7bb8a08eafdaa439da16d7e8f481476846e5738a99b3197e9a518ce34be7e739793a7d8
SSDEEP: 3072:hzsJetFwcNnHQtsh3jdpR2B4WCzMJ08QzvmxQtWmpF5xyuqmh:hjUcNe4pRAuUQu0WYlyuNh
Malware Config
Signatures
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource be244298bc1f682145c2cd4c68b1d9a7_JaffaCakes118
Files
be244298bc1f682145c2cd4c68b1d9a7_JaffaCakes118.exe windows:1 windows x86 arch:x86
faaaa4c5943963461ce5701e0477e419
Headers
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
Imports
shell32
ShellExecuteW
kernel32
lstrcpyW
GetLocaleInfoA
VirtualFree
WriteFile
FindClose
FindFirstFileA
GetEnvironmentStringsA
QueueUserAPC
EnumUILanguagesA
CreateFileW
GetCurrentProcess
InitializeCriticalSection
GetModuleHandleA
OpenProcess
GetWindowsDirectoryW
GetTickCount
SetTapeParameters
EnterCriticalSection
DeleteVolumeMountPointA
GetLastError
CreateFileA
GetProcAddress
CloseHandle
EnumCalendarInfoExA
GetSystemDefaultLCID
lstrcatW
GetTimeFormatW
GetModuleFileNameA
Sleep
lstrcpyA
CopyFileA
GetSystemDirectoryW
BaseCleanupAppcompatCache
GetWindowsDirectoryA
SetDefaultCommConfigA
SetConsoleTitleA
GetVolumeNameForVolumeMountPointA
lstrcatA
FindNextFileA
CreateSemaphoreA
InitializeCriticalSectionAndSpinCount
LeaveCriticalSection
ReadFile
GetSystemDirectoryA
VirtualAlloc
DeleteFileA
SearchPathW
GetTapePosition
TerminateProcess
QueryDepthSList
DeleteFileW
BaseUpdateAppcompatCache
lstrlenA
GetFileSizeEx
DuplicateHandle
advapi32
RegQueryValueExA
AdjustTokenPrivileges
EqualSid
RegOpenKeyA
LookupPrivilegeValueA
RegCloseKey
WmiGetTraceHeader
SetSecurityDescriptorOwner
EnumServicesStatusA
LsaAddPrivilegesToAccount
RegCreateKeyA
OpenSCManagerA
EncryptionDisable
CloseServiceHandle
RegSetValueExA
OpenProcessToken
ntdll
_chkstk
strlen
RtlInitAnsiString
RtlAnsiStringToUnicodeString
memcpy
tolower
isspace
strncmp
NtQueryObject
sprintf
isdigit
memset
wcsstr
RtlFreeUnicodeString
vsprintf
NtQuerySystemInformation
strstr
ZwLoadDriver
psapi
EnumProcesses
GetProcessImageFileNameA
ws2_32
htonl
send
closesocket
connect
select
WSACloseEvent
WSCEnableNSProvider
WSASetEvent
gethostbyname
socket
WSAStartup
WSAAddressToStringW
htons
__WSAFDIsSet
recv
WSARecvFrom
ole32
CoCreateGuid
user32
ExitWindowsEx
RemovePropW
CharLowerW
Sections
.data Size: 21KB - Virtual size: 21KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.text Size: 512B - Virtual size: 406B
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.idata Size: 3KB - Virtual size: 2KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ