e9e514f8b1561011b4f034263c33a890_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

e9e514f8b1561011b4f034263c33a890_JaffaCakes118
Size

80KB
MD5

e9e514f8b1561011b4f034263c33a890
SHA1

843997b36ed80d3aeea3c822cb5dc446b6bfa7b9
SHA256

3f1a7d843f9cdd7d834aa67299bc14eee3410e7d68e1aadfc58d500d80083961
SHA512

5b437a83d6511d9e47d5cd8fdb20bf2a4e47810db30363defe6d650f918bcbe499317bb53c0936bbc1a099294a0ea80d122366f71fc22aef57b5e873eab9ebee
SSDEEP

768:Q45BUyjy6qwF+IWK7biguJtqNuKtNh3JfOA95v+Fm/cbe1moSP2mrJF51BZMTXZ5:Q45BUyjyhSRWQbzIqhl32A+wKEM

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
e9e514f8b1561011b4f034263c33a890_JaffaCakes118

Files

e9e514f8b1561011b4f034263c33a890_JaffaCakes118
.exe windows:4 windows x86 arch:x86

55de673cf9ee233739bd47e3d594dd66

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

ws2_32

inet_ntoa
gethostbyname
gethostname
WSAStartup

advapi32

RegSetValueExA
LookupAccountSidA
OpenProcessToken
GetTokenInformation
LookupPrivilegeValueA
SetSecurityInfo
SetEntriesInAclA
GetUserNameA
RegQueryValueExA
RegCreateKeyExA
RegCloseKey
AdjustTokenPrivileges

mpr

WNetCloseEnum

shell32

SHGetSpecialFolderLocation
SHGetPathFromIDListA
SHGetMalloc

ole32

CoInitialize
CoCreateInstance

shlwapi

PathFileExistsA

user32

CharUpperA

msvcrt

_controlfp
_except_handler3
__set_app_type
__p__fmode
__p__commode
_adjust_fdiv
__setusermatherr
_initterm
__getmainargs
_acmdln
_XcptFilter
_exit
calloc
memcpy
_strnicmp
_ftol
free
strstr
strchr
toupper
rename
strrchr
strlen
strcpy
sprintf
strcat
_EH_prolog
__CxxFrameHandler
fwrite
memset
fopen
fread
fclose
strcmp
malloc
exit

kernel32

SetFileTime
GetFileTime
GetStartupInfoA
GetSystemDefaultLangID
CompareFileTime
MultiByteToWideChar
LoadLibraryA
GetPriorityClass
OpenProcess
GetCurrentProcess
DuplicateHandle
GetLastError
GetComputerNameA
GetPrivateProfileIntA
GetPrivateProfileStringA
CreateFileA
GetFileSize
SetCurrentDirectoryA
CreateProcessA
FileTimeToSystemTime
GetTickCount
FindFirstFileA
CreateDirectoryA
FindNextFileA
FindClose
GetLogicalDriveStringsA
GetDriveTypeA
GetDiskFreeSpaceExA
OpenMutexA
SetEvent
WaitForSingleObject
CreateMutexA
SetFileAttributesA
lstrcmpiA
CopyFileA
GetFileAttributesA
ExitProcess
GetModuleFileNameA
GetWindowsDirectoryA
GetSystemDirectoryA
CreateEventA
CreateThread
SystemTimeToFileTime
DeleteFileA
SetSystemTime
Sleep
GetVersionExA
GetModuleHandleA
LocalFree
GlobalAlloc
GlobalFree
GetProcAddress
FreeLibrary
GetSystemTime
CreateToolhelp32Snapshot
CloseHandle
Process32Next
Process32First

Sections

.text
Size: 40KB - Virtual size: 39KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 8KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 27KB - Virtual size: 91KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.jgd
Size: - Virtual size: 1B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

55de673cf9ee233739bd47e3d594dd66

Headers

File Characteristics

Imports

ws2_32

advapi32

mpr

shell32

ole32

shlwapi

user32

msvcrt

kernel32

Sections

.text Size: 40KB - Virtual size: 39KB

.rdata Size: 8KB - Virtual size: 5KB

.data Size: 27KB - Virtual size: 91KB

.jgd Size: - Virtual size: 1B

.text
Size: 40KB - Virtual size: 39KB

.rdata
Size: 8KB - Virtual size: 5KB

.data
Size: 27KB - Virtual size: 91KB

.jgd
Size: - Virtual size: 1B