f51cde7ae6c98bca10e5be81904517a6_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

f51cde7ae6c98bca10e5be81904517a6_JaffaCakes118
Size

5KB
MD5

f51cde7ae6c98bca10e5be81904517a6
SHA1

7abc4cac5f61c22b4dc07ac789983ee796b1278a
SHA256

13b02bdb1bd5c4e45890ebcf825c74b22373e519d59490f4b40efa6f16263242
SHA512

d28db39f9e3d704ff66ed01d96b2a18d1be07127592c14e5ee9e459bab028c62a8683bc02395e2916c7eb4deb8f7bcd2e06c7f3ff7795abe10ac35a9b08f5297
SSDEEP

96:UWhTtspwFl1kcmm5ih84Zxd3KAsbK2cMjVCsaGeNbexdNg:HlOm5iF3sZcCeGeReZg

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
f51cde7ae6c98bca10e5be81904517a6_JaffaCakes118

Files

f51cde7ae6c98bca10e5be81904517a6_JaffaCakes118
.exe windows:5 windows x86 arch:x86

2cc57b9ea782ecc5ba64ae090f7d81e8

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

user32

MessageBoxA
SetParent
LoadStringA
DialogBoxParamA
EndDialog
SendDlgItemMessageA
ShowWindow
SendMessageA

ntdll

NtOpenProcessToken
NtClose
NtAdjustPrivilegesToken
NtShutdownSystem

advapi32

CryptAcquireContextA
AllocateAndInitializeSid
InitiateSystemShutdownA
CryptReleaseContext
GetLengthSid
GetTokenInformation
InitializeAcl
OpenProcessToken
CryptGenRandom
AddAccessAllowedAce
InitializeSecurityDescriptor
SetSecurityDescriptorDacl

kernel32

CreateFileA
SetFilePointer
DeviceIoControl
MoveFileExA
GetCommandLineA
SetVolumeLabelA
ReadFile
SystemTimeToFileTime
WideCharToMultiByte
DeleteCriticalSection
RemoveDirectoryA
CloseHandle
DeleteFileA
ExitProcess
MoveFileA
ClearCommBreak
LocalFileTimeToFileTime
FindFirstFileA
OpenEventA
FindNextFileA
GetSystemDirectoryA
GetCurrentDirectoryA
SetThreadAffinityMask
GetFileAttributesA
SetEndOfFile
SetEvent
Sleep
GetSystemTime
QueryPerformanceCounter
LeaveCriticalSection
GetExitCodeProcess
BackupWrite
GetVersionExA
SetFileTime
CopyFileA
CreateThread
lstrcpynA
GetDiskFreeSpaceA
GetDriveTypeA
GetSystemTimeAsFileTime
SetUnhandledExceptionFilter
GetCurrentThreadId
OpenSemaphoreA
HeapAlloc
CreateProcessA
FreeLibrary
QueryDosDeviceA
FindClose
SetErrorMode
GetProcAddress
SetFileAttributesA
SetLastError
DosDateTimeToFileTime
WriteFile
EnterCriticalSection
ExpandEnvironmentStringsA
GetTickCount
GetCurrentProcessId
HeapFree
GetProcessHeap

shell32

SHBrowseForFolderA
SHGetPathFromIDListA

Sections

.text
Size: 7KB - Virtual size: 6KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 119KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.uysu
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ

.edata
Size: 138KB - Virtual size: 251KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

2cc57b9ea782ecc5ba64ae090f7d81e8

Headers

File Characteristics

Imports

user32

ntdll

advapi32

kernel32

shell32

Sections

.text Size: 7KB - Virtual size: 6KB

.data Size: 8KB - Virtual size: 119KB

.uysu Size: 3KB - Virtual size: 3KB

.edata Size: 138KB - Virtual size: 251KB

.text
Size: 7KB - Virtual size: 6KB

.data
Size: 8KB - Virtual size: 119KB

.uysu
Size: 3KB - Virtual size: 3KB

.edata
Size: 138KB - Virtual size: 251KB