f0b9f50c6a247ac5ca9cc95135b83dcf_JaffaCakes118

General

Target

f0b9f50c6a247ac5ca9cc95135b83dcf_JaffaCakes118
Size

387KB
MD5

f0b9f50c6a247ac5ca9cc95135b83dcf
SHA1

c1b276883da10fa2bf1c37a3851781e5c702a601
SHA256

068af8016c36fce5cf1e1a4722c1dc0d6e02cb6ed58b61c2ba99a54d294cc274
SHA512

f02fcb14ffd9415281c4e2f916fb8a38e80bcd885a1ec6e07b73698c9878a8318e60092da859818cdf49de263f99f768684da5ecea669a9a2623a03a5d6db1bb
SSDEEP

6144:89FHululululululu4uOjzzUDjTgfH1okjroGWr2:89FHKKKKKKFzjzQJ5

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
f0b9f50c6a247ac5ca9cc95135b83dcf_JaffaCakes118

Files

f0b9f50c6a247ac5ca9cc95135b83dcf_JaffaCakes118
.exe windows:5 windows x86 arch:x86

e24946fd3b548d18411ea3dc85666a69

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

advapi32

RegEnumKeyW
OpenEventLogW
ClearEventLogA
LogonUserW
InitializeAcl
CryptSignHashW
RegOpenKeyA
ControlService
RegReplaceKeyA
RegSaveKeyA
RegCreateKeyExA
RegUnLoadKeyA

authz

AuthzAddSidsToContext
AuthzInitializeContextFromSid

shlwapi

UrlIsNoHistoryW
PathIsRootW
UrlGetLocationW
UrlCombineW
PathCommonPrefixA
UrlIsOpaqueW
PathCompactPathW
PathAppendA
PathCombineA
UrlCompareW
PathIsURLW
UrlIsA
UrlHashW
UrlGetPartW

wtsapi32

WTSFreeMemory
WTSSetSessionInformationW
WTSVirtualChannelRead
WTSWaitSystemEvent
WTSRegisterSessionNotification
WTSQueryUserToken
WTSVirtualChannelPurgeInput
WTSQuerySessionInformationA
WTSSetUserConfigW
WTSEnumerateSessionsW
WTSEnumerateServersA

kernel32

WaitForSingleObject
CreateJobObjectW
GetProcAddress
GetStringTypeW
OpenJobObjectW
InitializeCriticalSection
GetCommandLineW
MoveFileA
GetModuleHandleA
GetTempPathA
ReadConsoleA
GetProfileSectionA
GetSystemDirectoryA
CreateMailslotA
CreateFileW
GetLogicalDriveStringsA
GetModuleFileNameW
UnmapViewOfFile
GetDateFormatA
GetVersion
LoadLibraryExA
GetExpandedNameA
lstrcmpiA
DeleteFileW
SearchPathW
GetTickCount
GetFileAttributesW
MoveFileExA
GetConsoleAliasA

Sections

.text
Size: 48KB - Virtual size: 48KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 13KB - Virtual size: 13KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_READ

.data
Size: 30KB - Virtual size: 30KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 293KB - Virtual size: 293KB

IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

e24946fd3b548d18411ea3dc85666a69

Headers

File Characteristics

Imports

advapi32

authz

shlwapi

wtsapi32

kernel32

Sections

.text Size: 48KB - Virtual size: 48KB

.rdata Size: 13KB - Virtual size: 13KB

.data Size: 30KB - Virtual size: 30KB

.rsrc Size: 293KB - Virtual size: 293KB

.text
Size: 48KB - Virtual size: 48KB

.rdata
Size: 13KB - Virtual size: 13KB

.data
Size: 30KB - Virtual size: 30KB

.rsrc
Size: 293KB - Virtual size: 293KB