be9d59813be4bcf6e579c0e663e22199_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

be9d59813be4bcf6e579c0e663e22199_JaffaCakes118
Size

3.7MB
MD5

be9d59813be4bcf6e579c0e663e22199
SHA1

5be0ece29c1273db3b6599bf19f538315b3f0397
SHA256

1c6ed5dc22e22f892bd74a3cdd2f7f4999bde2769625ef8df94db8e282921088
SHA512

3f108ead1d72d68eebbb1224bd56bde1cc84f51a676b11a73e967a63ffd07dd69900fd9f1aaac4e2c3e8eecd04a112d59ee830dff6be3f6cfea1059166cdc937
SSDEEP

3072:lf/JldEIk5Y1fiQfVViyhr2Bl9hfPx/3:DEIk5yfDVfgHFP1

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
be9d59813be4bcf6e579c0e663e22199_JaffaCakes118

Files

be9d59813be4bcf6e579c0e663e22199_JaffaCakes118
.exe windows:4 windows x86 arch:x86

90a10afb56cbb7e4316d895df9b66c9b

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

advapi32

GetSecurityInfo
GetAclInformation
OpenServiceA
RegConnectRegistryA
CreateServiceA
QueryServiceConfigA
RegSetKeySecurity
ReportEventW
GetSecurityDescriptorSacl
RegUnLoadKeyW
LookupAccountNameA
GetServiceDisplayNameW
AdjustTokenPrivileges
SetSecurityDescriptorSacl
SetEntriesInAclA
RegEnumValueA
GetUserNameW
StartServiceA

kernel32

ExitProcess
ReleaseSemaphore
GenerateConsoleCtrlEvent
GlobalAddAtomA
GetEnvironmentVariableW
VirtualQueryEx
FindResourceExW
GetCompressedFileSizeW
SuspendThread
SetConsoleOutputCP
VirtualUnlock
ReadConsoleOutputA
GetFileAttributesExA
GlobalFree
LocalReAlloc
SetMailslotInfo
GetBinaryTypeA
WritePrivateProfileStringW
MultiByteToWideChar
SetCurrentDirectoryA
CreateMutexA
_lclose
CreateDirectoryW
GetProfileStringA
CancelIo
IsValidLocale
GetFileAttributesA
PeekConsoleInputW
SetThreadLocale
GetDriveTypeA
FindFirstFileExW
SetFileAttributesA
GetDiskFreeSpaceExA
SetProcessShutdownParameters
SystemTimeToFileTime
EnumDateFormatsW
GetPrivateProfileStringW
WaitNamedPipeA
GetModuleHandleA
RemoveDirectoryA
CloseHandle
ReadConsoleA
LCMapStringA
FreeLibrary

user32

SetFocus
GetForegroundWindow
InsertMenuItemW
LookupIconIdFromDirectory
ChangeDisplaySettingsW
ScrollWindowEx
CharToOemW
EnumDisplayDevicesA
MoveWindow
OpenWindowStationA
GetUserObjectSecurity
OemToCharBuffW
SendMessageW
GetMonitorInfoA
NotifyWinEvent
SetProcessWindowStation
ShowCaret
MessageBeep
GetShellWindow
GetUpdateRect
DestroyIcon
GetTitleBarInfo
SetCursorPos
ChildWindowFromPointEx

shell32

ShellExecuteA
SHFileOperationA
SHGetPathFromIDListA
SHBrowseForFolderA

ws2_32

WSALookupServiceNextW
WSAStringToAddressA
WSAEnumNameSpaceProvidersA
WSAUnhookBlockingHook
gethostname
WSAEnumProtocolsW
closesocket
WSARecvFrom
recv

version

GetFileVersionInfoA
VerInstallFileA
GetFileVersionInfoSizeA

msvcrt

strchr
_mbsnbcat
difftime
vprintf
_chdrive
_pclose
wcstod
getc
abort
_umask
strtoul

Sections

.text
Size: 10KB - Virtual size: 229KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 3.4MB - Virtual size: 3.4MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 19KB - Virtual size: 18KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

90a10afb56cbb7e4316d895df9b66c9b

Headers

File Characteristics

Imports

advapi32

kernel32

user32

shell32

ws2_32

version

msvcrt

Sections

.text Size: 10KB - Virtual size: 229KB

.rdata Size: 3KB - Virtual size: 3KB

.data Size: 3.4MB - Virtual size: 3.4MB

.rsrc Size: 19KB - Virtual size: 18KB

.text
Size: 10KB - Virtual size: 229KB

.rdata
Size: 3KB - Virtual size: 3KB

.data
Size: 3.4MB - Virtual size: 3.4MB

.rsrc
Size: 19KB - Virtual size: 18KB