c962a6ae686a2cfd2b013342ad307ff4_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

c962a6ae686a2cfd2b013342ad307ff4_JaffaCakes118
Size

93KB
MD5

c962a6ae686a2cfd2b013342ad307ff4
SHA1

e4b7f3e8afd37efed12bfa44a9780ac3208a05b3
SHA256

1d2a3e729e3e7ebf1ab839662acae149f504877888ce75b77fb8f9d86b7e4cd4
SHA512

90d02f1ccfec1614fc0c2a579406a20bdb18eb2028afb00cb32e305ba6b9b328dc393076ada0715b033e2ded12e7f8e3c83e6f9d3a2ef916dc9cf7ddc98195c6
SSDEEP

1536:tBwsV6ocvM90S9O377BM5wxb3IndTTftzECvXBeMaJHFTgH0eCuVOqUpYsFkYXjF:YsVHP90Ss3i5whkHftzEmBeXJH6UePjo

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
c962a6ae686a2cfd2b013342ad307ff4_JaffaCakes118

Files

c962a6ae686a2cfd2b013342ad307ff4_JaffaCakes118
.exe windows:5 windows x86 arch:x86

99805271ec268fc1d2b6a378e3d5e8d8

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

WaitForSingleObject
SetStdHandle
Sleep
LeaveCriticalSection
SetCommMask
GetFileAttributesA
GetSystemTime
DosDateTimeToFileTime
MoveFileA
WideCharToMultiByte
GetVersion
GetSystemTimeAsFileTime
SetFileAttributesA
CreateProcessA
SetFilePointer
FindFirstFileA
GetDriveTypeA
OpenEventA
GetSystemDirectoryA
GetCommandLineA
GetProcessHeap
SetEvent
CopyFileA
DeviceIoControl
GetExitCodeProcess
CreateEventA
CreateThread
QueryDosDeviceA
GetVersionExA
HeapAlloc
LoadLibraryA
CreateFileA
LocalFileTimeToFileTime
TerminateProcess
ExitProcess
EnterCriticalSection
ExpandEnvironmentStringsA
SetLastError
GetCurrentThreadId
SetErrorMode
BackupWrite
GetDiskFreeSpaceA
VirtualQuery
DeleteFileA
GetCurrentDirectoryA
ReadFile
GetCurrentProcessId
QueryPerformanceCounter
MoveFileExA
RemoveDirectoryA
FreeLibrary
CloseHandle
SetEndOfFile
SetFileTime
GetProcAddress
lstrcpynA
SetUnhandledExceptionFilter
SetThreadAffinityMask
SetEvent
FindNextFileA
FindClose
GetFileSize
SystemTimeToFileTime
DeleteCriticalSection
WriteFile
HeapFree
GetTickCount

advapi32

OpenProcessToken
GetTokenInformation
InitializeSecurityDescriptor
AllocateAndInitializeSid
CryptGenRandom
CryptAcquireContextA
InitializeAcl
SetSecurityDescriptorDacl
GetLengthSid
CryptReleaseContext
AddAccessAllowedAce
InitiateSystemShutdownA

ntdll

NtOpenProcessToken
NtShutdownSystem
NtClose
NtAdjustPrivilegesToken

user32

EndDialog
SendMessageA
DialogBoxParamA
LoadStringA
ShowWindow
SendDlgItemMessageA
MessageBoxA
SetParent

shell32

SHBrowseForFolderA
SHGetPathFromIDListA

Sections

.text
Size: 9KB - Virtual size: 8KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 5KB - Virtual size: 123KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.zzsjbo
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ

.edata
Size: 126KB - Virtual size: 243KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

99805271ec268fc1d2b6a378e3d5e8d8

Headers

File Characteristics

Imports

kernel32

advapi32

ntdll

user32

shell32

Sections

.text Size: 9KB - Virtual size: 8KB

.data Size: 5KB - Virtual size: 123KB

.zzsjbo Size: 3KB - Virtual size: 3KB

.edata Size: 126KB - Virtual size: 243KB

.text
Size: 9KB - Virtual size: 8KB

.data
Size: 5KB - Virtual size: 123KB

.zzsjbo
Size: 3KB - Virtual size: 3KB

.edata
Size: 126KB - Virtual size: 243KB