ef1cfc91e8c37838f9b7586ae29f2ade_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

ef1cfc91e8c37838f9b7586ae29f2ade_JaffaCakes118
Size

157KB
MD5

ef1cfc91e8c37838f9b7586ae29f2ade
SHA1

ac31212deda836cdc11316f469b30e45e47361da
SHA256

fee68dd8c4e1e49ec135194a18fb0d9a6f73a94ff8d9fff394e20863e9892eb4
SHA512

a93ac5935bf298adb1828240f19992d8d5810196fd80bb50beb69448bd90b9fdddd4586e6d2b02cd5c64d3e03809ffbcb59f374cce05e9fa1228bc14816ee9e8
SSDEEP

3072:5ceHW2iWDsd15jmjSkFxgFWYX4xSX+DypZ93yzJ5:5JWWId15je1yFWYdXGypm5

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
ef1cfc91e8c37838f9b7586ae29f2ade_JaffaCakes118

Files

ef1cfc91e8c37838f9b7586ae29f2ade_JaffaCakes118
.exe windows:4 windows x86 arch:x86

8c672d1e5ba5844b168bb646be0a697d

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

shell32

SHGetPathFromIDListA
SHBrowseForFolderA

advapi32

SetSecurityDescriptorDacl
AddAccessAllowedAce
OpenProcessToken
CryptReleaseContext
AllocateAndInitializeSid
InitializeAcl
InitializeSecurityDescriptor
CryptGenRandom
InitiateSystemShutdownA
GetLengthSid
CryptAcquireContextA
GetTokenInformation

ntdll

NtClose
NtAdjustPrivilegesToken
NtShutdownSystem
NtOpenProcessToken

kernel32

CreateThread
OpenEventA
SetUnhandledExceptionFilter
GetPriorityClass
HeapFree
SetEvent
HeapAlloc
WriteFile
LocalFileTimeToFileTime
ExitProcess
CopyFileA
LeaveCriticalSection
SetTimerQueueTimer
CloseHandle
GetSystemTime
GetDiskFreeSpaceA
FreeLibrary
SetLastError
GetCurrentProcessId
EnterCriticalSection
GetFileSize
DeleteFileA
GetDriveTypeA
GetCurrentDirectoryA
FindNextFileA
MoveFileExA
GetVersionExA
WideCharToMultiByte
SetFileTime
GetProcessHeap
ExpandEnvironmentStringsA
DosDateTimeToFileTime
GetTickCount
SetFilePointer
SystemTimeToFileTime
ReadFile
OpenSemaphoreA
CreateEventA
lstrcpynA
GetExitCodeProcess
GetProcAddress
IsSystemResumeAutomatic
RemoveDirectoryA
GetCurrentThreadId
FindFirstFileA
QueryPerformanceCounter
GetSystemDirectoryA
DeviceIoControl
GetFileAttributesA
SetErrorMode
SetFileAttributesA
SetEndOfFile
SetThreadAffinityMask
CreateFileA
QueryDosDeviceA
Sleep
CreateProcessA
MoveFileA
GetCommandLineA
VirtualQuery
GetSystemTimeAsFileTime
BackupWrite
DeleteCriticalSection
FindClose

user32

SendMessageA
ShowWindow
EndDialog
SetParent
MessageBoxA
LoadStringA
DialogBoxParamA
SendDlgItemMessageA

Sections

.text
Size: 7KB - Virtual size: 6KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 7KB - Virtual size: 120KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.xoah
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ

.edata
Size: 138KB - Virtual size: 263KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

8c672d1e5ba5844b168bb646be0a697d

Headers

File Characteristics

Imports

shell32

advapi32

ntdll

kernel32

user32

Sections

.text Size: 7KB - Virtual size: 6KB

.data Size: 7KB - Virtual size: 120KB

.xoah Size: 3KB - Virtual size: 3KB

.edata Size: 138KB - Virtual size: 263KB

.text
Size: 7KB - Virtual size: 6KB

.data
Size: 7KB - Virtual size: 120KB

.xoah
Size: 3KB - Virtual size: 3KB

.edata
Size: 138KB - Virtual size: 263KB