c2468e79261405b0281ebb39b8e534e1_JaffaCakes118

General

Target

c2468e79261405b0281ebb39b8e534e1_JaffaCakes118
Size

138KB
MD5

c2468e79261405b0281ebb39b8e534e1
SHA1

1ad321fb676636de42f2b390a9f97a248ecddca1
SHA256

ee3e52f8bf8b7438e39db27f6661f9cc977ea2eec3462199720c4eb984d5ed43
SHA512

2c1127dde09eef03b420b9041ea73badb2b2b6a3b335b2ac6b2db631e77cf0e30eac03961a1848cfcbd9c134bad7c8776644ec154855868edbb4c6e1525d8352
SSDEEP

3072:OIpkCc3Duf+K3/Vp+UMwhFnn0zh0FM012pytPDrpNjg3p1:xpkxS2KpYqFquMstxNjg3f

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
c2468e79261405b0281ebb39b8e534e1_JaffaCakes118

Files

c2468e79261405b0281ebb39b8e534e1_JaffaCakes118
.exe windows:1 windows x86 arch:x86

10adff2e8f33be10de64f778dda5f00d

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

lstrcatA
GetTapeStatus
CopyFileA
ReleaseMutex
SetEnvironmentVariableW
GetProfileSectionW
GetLastError
CreateFileA
GetModuleHandleA
EnterCriticalSection
SetSystemTime
GetNumberOfConsoleInputEvents
GetFileSizeEx
GetModuleHandleExA
OpenProcess
FindClose
LeaveCriticalSection
VirtualFree
FindActCtxSectionGuid
InitializeCriticalSection
lstrcpyW
FindFirstFileA
TryEnterCriticalSection
SetConsoleOutputCP
DeleteFileA
FreeLibraryAndExitThread
CloseHandle
GetPrivateProfileIntW
lstrcpyA
GetWindowsDirectoryA
GetCurrentProcess
VirtualAlloc
GetConsoleDisplayMode
GetModuleFileNameA
ReadFile
Sleep
GetSystemDirectoryW
DuplicateHandle
WriteFile

advapi32

TreeResetNamedSecurityInfoW
GetEventLogInformation
AdjustTokenPrivileges
OpenProcessToken
RegOpenKeyA
ComputeAccessTokenFromCodeAuthzLevel
CloseServiceHandle
OpenSCManagerA
LookupPrivilegeValueA
RegCloseKey
RegLoadKeyA
EnumServicesStatusA
RegSetValueExA
RegQueryValueExA
WmiFileHandleToInstanceNameW

ntdll

RtlAnsiStringToUnicodeString
memcpy
strstr
RtlInitAnsiString
strlen
NtQueryObject
NtQuerySystemInformation
RtlFreeUnicodeString
wcsstr
ZwLoadDriver
vsprintf

ole32

CoCreateGuid

ws2_32

accept
socket
closesocket
connect
WSAAddressToStringW
send
htons
htonl
WSAStartup
getsockopt

psapi

EnumProcesses
GetProcessImageFileNameA

user32

CharLowerW

Sections

.data
Size: 10KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.text
Size: 512B - Virtual size: 416B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.idata
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

10adff2e8f33be10de64f778dda5f00d

Headers

File Characteristics

Imports

kernel32

advapi32

ntdll

ole32

ws2_32

psapi

user32

Sections

.data Size: 10KB - Virtual size: 9KB

.text Size: 512B - Virtual size: 416B

.idata Size: 2KB - Virtual size: 2KB

.data
Size: 10KB - Virtual size: 9KB

.text
Size: 512B - Virtual size: 416B

.idata
Size: 2KB - Virtual size: 2KB