cef02c08722d4f8ca796b9aba218faa9_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

cef02c08722d4f8ca796b9aba218faa9_JaffaCakes118
Size

92KB
MD5

cef02c08722d4f8ca796b9aba218faa9
SHA1

1d22107859581465e3268b707e864ec6f6b0f990
SHA256

2f037e5695199bb0e2cabd608145f632c429051b5bc8628a52aaad87c0339c38
SHA512

9ea2408843bac1df3ba63b264e9be7ddd96b64798dde1e494a11c1e51cff26e9ed7b311daf01d486b53bc015478280ddee166696fe988b73278e770acecf16f2
SSDEEP

1536:CQcfpLWylANM8fItRFyeVIv0X2gr1jJkXdtYv7I3J2Ml9uVLVJ7AfesFVH+qTM1B:z6pLWyyNvw4+rx+Xd6052Ml9u9VWfesm

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
cef02c08722d4f8ca796b9aba218faa9_JaffaCakes118

Files

cef02c08722d4f8ca796b9aba218faa9_JaffaCakes118
.exe windows:5 windows x86 arch:x86

4e90af63d0915e62dd12eafd2eb6435f

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

ntdll

NtCreateFile

msvcrt

fread
mbstowcs
free
_strlwr
fclose
sscanf
memmove
strstr
_wcslwr
memcpy
_initterm
fopen
wcscmp
wcslen
_purecall
_strupr
_except_handler3
malloc
_wcsnicmp
fwrite
wcsncmp
printf
memset
wcsrchr
fseek
strncpy
_adjust_fdiv
wcstombs

atmlib

ATMEnumFonts

crypt32

RegCreateHKCUKeyExU

kernel32

CreateFileMappingW
GetCurrentProcess
GetLastError
IsBadReadPtr
GetVersion
HeapFree
GetWindowsDirectoryA
FindFirstFileW
GetCurrentThreadId
EnterCriticalSection
LoadLibraryW
LoadLibraryA
GetWindowsDirectoryW
GetDiskFreeSpaceA
TlsSetValue
FindClose
GetProcessHeap
VirtualProtect
DeleteCriticalSection
WideCharToMultiByte
GetEnvironmentStringsW
HeapAlloc
UnhandledExceptionFilter
InitializeCriticalSectionAndSpinCount
InitializeCriticalSection
GetModuleHandleW
GetVersionExW
MapViewOfFile
CreateDirectoryW
FreeEnvironmentStringsA
DeviceIoControl
SetFileAttributesA
TerminateProcess
SetEvent
LeaveCriticalSection
LocalFree
DeleteFileW
FindNextFileW
WaitForSingleObject
GetCurrentProcessId
GetSystemDirectoryA
SetLastError
CreateEventA
UnmapViewOfFile
SetFileAttributesW
GetSystemTime
TlsFree
GetEnvironmentStrings
FreeLibrary
GlobalMemoryStatus
GetVersionExA
QueryPerformanceCounter
GetTickCount
CloseHandle
TlsAlloc
CreateFileA
GetFileAttributesA
GetFileAttributesW
Sleep
GetProcAddress
TlsGetValue
VirtualAlloc
lstrlenW
ExitProcess
CopyFileA
GetLocalTime
GetSystemTimeAsFileTime
VirtualFree
SetUnhandledExceptionFilter
lstrlenA
FreeEnvironmentStringsW
RemoveDirectoryW

cmdial32

AutoDialFunc

advapi32

RegOpenKeyExA
ConvertStringSecurityDescriptorToSecurityDescriptorW
RegQueryValueExA
RegSetValueExW
RegCreateKeyExW
RegDeleteValueW
RegCloseKey
RegOpenKeyW
SetNamedSecurityInfoW
RegSetValueExA
GetSecurityDescriptorDacl
RegCreateKeyExA
RegQueryValueExW
RegOpenKeyExW

Sections

.textbss
Size: - Virtual size: 432KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.text
Size: 512B - Virtual size: 464B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.idata
Size: 89KB - Virtual size: 88KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 512B - Virtual size: 32B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 32B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 892B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

4e90af63d0915e62dd12eafd2eb6435f

Headers

DLL Characteristics

File Characteristics

Imports

ntdll

msvcrt

atmlib

crypt32

kernel32

cmdial32

advapi32

Sections

.textbss Size: - Virtual size: 432KB

.text Size: 512B - Virtual size: 464B

.idata Size: 89KB - Virtual size: 88KB

.rdata Size: 512B - Virtual size: 32B

.reloc Size: 512B - Virtual size: 32B

.data Size: 1024B - Virtual size: 892B

.textbss
Size: - Virtual size: 432KB

.text
Size: 512B - Virtual size: 464B

.idata
Size: 89KB - Virtual size: 88KB

.rdata
Size: 512B - Virtual size: 32B

.reloc
Size: 512B - Virtual size: 32B

.data
Size: 1024B - Virtual size: 892B