fea62cba1d1e480cfc8008550570459c_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

fea62cba1d1e480cfc8008550570459c_JaffaCakes118
Size

452KB
MD5

fea62cba1d1e480cfc8008550570459c
SHA1

b8922cc54ae4aec09118e92cb542c0080b1289a9
SHA256

e9890bb7ade9c49320ab99bda312040bf3f1425d38b777df69fd7a0d310d5632
SHA512

0efc9a31e6ba440d1e597c1a657acbc7d3b60448318dec650b19ee9d98c2dff2914fc65b5f96c9e08a5e7bf64050ab945fcf08f6e501b8bff8440aed2e451f43
SSDEEP

12288:s8epkPlNMNquvbJmGE2vQCw0osEmBOY95V5mv2:xnP3MouVxyCwXmBOYN5F

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
fea62cba1d1e480cfc8008550570459c_JaffaCakes118

Files

fea62cba1d1e480cfc8008550570459c_JaffaCakes118
.exe windows:4 windows x86 arch:x86

7a1b7082b1a618f550d9fdcf1d757b51

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetFileSize
GetLastError
GetLocalTime
GetLogicalDriveStringsA
GetModuleFileNameA
GetModuleHandleA
GetPrivateProfileIntA
GetPrivateProfileStringA
GetProcAddress
GetStartupInfoA
GetStdHandle
GetSystemDirectoryA
GetTempFileNameA
GetTempPathA
GetTickCount
GetVersionExA
GlobalAlloc
GlobalFree
IsDebuggerPresent
LoadLibraryA
LoadResource
LocalFree
LockResource
MultiByteToWideChar
OpenEventA
OpenProcess
Process32First
Process32Next
ReadConsoleA
ReadFile
GetDriveTypeA
RtlMoveMemory
RtlZeroMemory
SetComputerNameExA
SetConsoleCtrlHandler
SetConsoleMode
SetConsoleTextAttribute
SetConsoleTitleA
SetEvent
SetFilePointer
SetUnhandledExceptionFilter
SizeofResource
Sleep
TerminateProcess
WaitForSingleObject
WideCharToMultiByte
WriteConsoleA
WriteFile
WritePrivateProfileStringA
lstrcmpA
lstrcmpiA
lstrcpyA
lstrlenA
GetConsoleWindow
DebugActiveProcessStop
GetConsoleScreenBufferInfo
FillConsoleOutputCharacterA
GetCurrentThread
GetDiskFreeSpaceExA
GetCurrentProcessId
GetCurrentProcess
GetCommandLineA
FreeLibrary
FreeConsole
FormatMessageA
FlushFileBuffers
FindResourceA
ExpandEnvironmentStringsA
ExitProcess
DeleteFileA
CreateToolhelp32Snapshot
CreateProcessA
CreateFileA
CreateEventA
CopyFileA
CloseHandle
ResetEvent
AllocConsole
SetConsoleCursorPosition

user32

ChangeDisplaySettingsA
wsprintfA
GetAsyncKeyState
SetWindowPos
SetForegroundWindow
SendMessageA
MessageBoxA
LoadIconA
GetSystemMetrics
GetSystemMenu
GetParent
GetForegroundWindow
EnableMenuItem
ExitWindowsEx
EnumDisplaySettingsA

ntdll

ZwSetInformationThread
ZwQuerySystemInformation
ZwQueryInformationProcess
NtShutdownSystem
NtQueryInformationProcess

shell32

ord680
ShellExecuteA
ShellExecuteExA

advapi32

AdjustTokenPrivileges
CloseServiceHandle
DeleteService
LockServiceDatabase
LookupPrivilegeValueA
OpenProcessToken
OpenSCManagerA
OpenServiceA
QueryServiceConfigA
QueryServiceStatus
RegCloseKey
RegDeleteValueA
RegFlushKey
RegOpenKeyExA
RegSetValueExA
StartServiceA
UnlockServiceDatabase
ChangeServiceConfigA

iphlpapi

GetAdaptersInfo

dhcpcsvc

DhcpNotifyConfigChange

ws2_32

WSACleanup
WSAStartup
inet_addr

shlwapi

StrToIntA

winmm

mciSendStringA
PlaySoundA
timeKillEvent
timeSetEvent

Sections

.text
Size: 20KB - Virtual size: 19KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 8KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 38KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 408KB - Virtual size: 407KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

7a1b7082b1a618f550d9fdcf1d757b51

Headers

File Characteristics

Imports

kernel32

user32

ntdll

shell32

advapi32

iphlpapi

dhcpcsvc

ws2_32

shlwapi

winmm

Sections

.text Size: 20KB - Virtual size: 19KB

.rdata Size: 8KB - Virtual size: 4KB

.data Size: 12KB - Virtual size: 38KB

.rsrc Size: 408KB - Virtual size: 407KB

.text
Size: 20KB - Virtual size: 19KB

.rdata
Size: 8KB - Virtual size: 4KB

.data
Size: 12KB - Virtual size: 38KB

.rsrc
Size: 408KB - Virtual size: 407KB