e940d20bf352247a3b3b445c306a0165_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

e940d20bf352247a3b3b445c306a0165_JaffaCakes118
Size

50KB
MD5

e940d20bf352247a3b3b445c306a0165
SHA1

aadaab5a19293b15cc5a66927e92d9f383936fe5
SHA256

6ae14ad216e305538f812cf7f256131f1803d6c97edbef9af8953f027ded12b7
SHA512

9ec7acb3ccdc1e3b4ec2fa4504addff241bcc600d111bd092f8025f9b4db684971d811fea686a335007176aab7aea593ef9c03d50808fc46e109d811bf337003
SSDEEP

1536:2H8lrF6OK9EdsAwGnOQOUB6ka9FOoMORrpqFQ:TlrF6OKSw84fpIFQ

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
e940d20bf352247a3b3b445c306a0165_JaffaCakes118

Files

e940d20bf352247a3b3b445c306a0165_JaffaCakes118
.exe windows:4 windows x86 arch:x86

2360c1a8029a7e3a70b10364905a9c5b

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

winmm

auxSetVolume

msvcrt

_adjust_fdiv
wcsrchr
wcsncmp
wcscpy
_initterm
_wcsicmp
_except_handler3
memset
strrchr
memcpy
wcslen
free
_wcsnicmp
wcscmp
memmove
_vsnwprintf
_vsnprintf
_purecall
malloc
wcsncpy

ole32

CoCreateGuid
CoTaskMemFree
CLSIDFromString
StringFromCLSID

advapi32

RegisterTraceGuidsW
GetTraceEnableFlags
GetSecurityDescriptorDacl
RegSetValueExA
ConvertStringSecurityDescriptorToSecurityDescriptorW
RegOpenKeyExW
RegCloseKey
SetNamedSecurityInfoW
RegOpenKeyExA
GetTraceLoggerHandle
RegOpenKeyW
RegCreateKeyExA
RegQueryValueExA
RegDeleteValueW
GetTraceEnableLevel
RegSetKeySecurity
RegSetValueExW
RegCreateKeyExW
RegQueryValueExW

kernel32

GetCurrentProcessId
DeleteFileW
Sleep
GetVersionExA
LoadLibraryW
SetThreadAffinityMask
CreateFileA
ResumeThread
GetModuleHandleA
TlsAlloc
CreateThread
GetEnvironmentStrings
HeapFree
SetEvent
TlsSetValue
GetEnvironmentStringsW
GetWindowsDirectoryW
GlobalMemoryStatus
GetSystemTime
GetModuleFileNameA
FreeEnvironmentStringsA
lstrlenW
TlsFree
VirtualFree
TlsGetValue
GetModuleHandleW
MapViewOfFile
FindNextFileW
SetLastError
ExitProcess
CreateEventA
InitializeCriticalSection
SetThreadPriority
VirtualProtect
LocalFree
TerminateProcess
GetProcessHeap
DeleteCriticalSection
FreeEnvironmentStringsW
LocalAlloc
FindClose
CreateFileW
InitializeCriticalSectionAndSpinCount
GetProcAddress
GetFileSize
LoadLibraryA
InterlockedExchange
GetProcessAffinityMask
MultiByteToWideChar
OutputDebugStringA
UnmapViewOfFile
CreateDirectoryW
EnterCriticalSection
FindFirstFileW
GetDiskFreeSpaceA
WaitForSingleObject
lstrlenA
FreeLibrary
GetSystemTimeAsFileTime
HeapAlloc
LeaveCriticalSection
GetCurrentProcess
WriteFile
ReadFile
UnhandledExceptionFilter
CloseHandle
GetCurrentThreadId
GetLastError
GetFileAttributesW
SetFileAttributesW
CreateFileMappingA
GetLocalTime
GetSystemInfo
GetTickCount
QueryPerformanceCounter
InterlockedIncrement
DeviceIoControl
RemoveDirectoryW
SetUnhandledExceptionFilter
GetVersion
WideCharToMultiByte
CopyFileW
VirtualAlloc
InterlockedDecrement

mscat32

CryptCATAdminAcquireContext
CryptCATAdminReleaseContext
CryptCATCatalogInfoFromContext
CryptCATAdminEnumCatalogFromHash

lz32

LZClose

Sections

.textbss
Size: 43KB - Virtual size: 1.3MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.text
Size: 512B - Virtual size: 420B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.idata
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 512B - Virtual size: 32B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 4B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

2360c1a8029a7e3a70b10364905a9c5b

Headers

File Characteristics

Imports

winmm

msvcrt

ole32

advapi32

kernel32

mscat32

lz32

Sections

.textbss Size: 43KB - Virtual size: 1.3MB

.text Size: 512B - Virtual size: 420B

.idata Size: 4KB - Virtual size: 4KB

.rdata Size: 512B - Virtual size: 32B

.reloc Size: 512B - Virtual size: 4B

.textbss
Size: 43KB - Virtual size: 1.3MB

.text
Size: 512B - Virtual size: 420B

.idata
Size: 4KB - Virtual size: 4KB

.rdata
Size: 512B - Virtual size: 32B

.reloc
Size: 512B - Virtual size: 4B