da2ee4c879e875891ad1c279602bd35b_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

da2ee4c879e875891ad1c279602bd35b_JaffaCakes118
Size

155KB
MD5

da2ee4c879e875891ad1c279602bd35b
SHA1

929a5bd870a6c3084d5c20e6b950d81e27aa61db
SHA256

35db0448d5a3526f045447170039b372ad137a6171508744a09ed40030adbb96
SHA512

6dea325d20d1b1c5f18195eeef0bfd7783c457857ea00c0502ff8bd38b795629f47eb99bc99890a108ab4c3d5fbd9fc3f683efe6d044ce7f6d7d4af75b0d17a3
SSDEEP

3072:uGA84Jid2bSTZbNgI18YC+QfsWCf4v5qi3+LR50DyhYuv:o8Cw2GNNgI18D+Q00veLR50uhYuv

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
da2ee4c879e875891ad1c279602bd35b_JaffaCakes118

Files

da2ee4c879e875891ad1c279602bd35b_JaffaCakes118
.exe windows:1 windows x86 arch:x86

46c4c6c87f7307e1bd77242f0399a35a

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

shell32

ShellExecuteW

kernel32

GetModuleHandleA
LeaveCriticalSection
lstrcatW
WriteFile
OpenMutexW
FindNextFileA
lstrcpyW
GetWindowsDirectoryA
CreateFileW
DeleteFileA
HeapCompact
FindClose
DuplicateHandle
CopyFileA
CloseHandle
RtlZeroMemory
VerifyConsoleIoHandle
WriteConsoleOutputCharacterA
GetCurrentProcess
EnterCriticalSection
OpenProcess
Sleep
FindFirstFileA
lstrcpyA
GetFileSizeEx
FindFirstFileExA
GetSystemDirectoryA
GetSystemDirectoryW
GetLocaleInfoA
VirtualFree
GetProfileStringW
GetLastError
lstrcatA
ReadFile
GetPrivateProfileIntA
VirtualAlloc
LocalAlloc
EraseTape
LocalFileTimeToFileTime
TerminateProcess
ReadConsoleInputA
GetModuleFileNameA
GetConsoleOutputCP
SetThreadUILanguage
SetCPGlobal
GetEnvironmentVariableA
CreateSemaphoreA
InitializeCriticalSection
CreateFileA
GetTickCount
GetProcAddress
DeleteFileW
GetSystemDefaultLCID
GetLocaleInfoW

advapi32

RegSetValueExA
AdjustTokenPrivileges
CloseServiceHandle
RegQueryValueExA
RegCreateKeyA
A_SHAUpdate
RegOpenKeyA
LookupPrivilegeValueA
GetTrusteeFormA
EnumServicesStatusA
TrusteeAccessToObjectA
WmiSetSingleItemA
OpenProcessToken
OpenSCManagerA
ElfRegisterEventSourceW
RegCloseKey

ntdll

memcpy
NtQuerySystemInformation
sprintf
vsprintf
strlen
isdigit
strstr
RtlAnsiStringToUnicodeString
_chkstk
RtlInitAnsiString
NtQueryObject
strncmp
RtlFreeUnicodeString
wcsstr
memset
isspace
ZwLoadDriver
tolower

psapi

EnumProcesses
GetProcessImageFileNameA

ws2_32

htons
closesocket
WSARemoveServiceClass
WSACancelAsyncRequest
WSASendDisconnect
socket
select
connect
send
closesocket
WSAStartup
gethostbyname
recv
htonl
__WSAFDIsSet
WSAAccept

ole32

CoCreateGuid

user32

CharLowerW
EnumWindowStationsW
ExitWindowsEx

Sections

.data
Size: 17KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.text
Size: 512B - Virtual size: 407B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.idata
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

46c4c6c87f7307e1bd77242f0399a35a

Headers

File Characteristics

Imports

shell32

kernel32

advapi32

ntdll

psapi

ws2_32

ole32

user32

Sections

.data Size: 17KB - Virtual size: 16KB

.text Size: 512B - Virtual size: 407B

.idata Size: 3KB - Virtual size: 2KB

.data
Size: 17KB - Virtual size: 16KB

.text
Size: 512B - Virtual size: 407B

.idata
Size: 3KB - Virtual size: 2KB