08ac91915b8ff24e15bb7570d3eb1001_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

08ac91915b8ff24e15bb7570d3eb1001_JaffaCakes118
Size

266KB
MD5

08ac91915b8ff24e15bb7570d3eb1001
SHA1

bfa358bd137d9cf688aadaf59b88220dfa9d66cd
SHA256

526204faea38eaaf74f9bfa8fd94b441fcb32482cba31a0499013bb0f5f14583
SHA512

8a557b97019b30d03d40e81b605c1f7e1b62d904292c7dceb32b3f88844caa019afda5bce03ed506297cb111e7498f47693855b89b4da8026b8d0f34b7a5636d
SSDEEP

6144:7O1rVajHX510xwv2hBF9QyGIjr+PoFjoGZDSd+HP0J+KNHNekmaQo6yX:7OBVcsxwvYVL1+acOkMkmaQo6yX

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
08ac91915b8ff24e15bb7570d3eb1001_JaffaCakes118

Files

08ac91915b8ff24e15bb7570d3eb1001_JaffaCakes118
.exe windows:4 windows x86 arch:x86

f6596679e7762903efb9198557f34c5d

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

advapi32

OpenProcessToken
EqualSid
GetTokenInformation
LookupAccountSidA
LookupPrivilegeValueA
AdjustTokenPrivileges
CopySid
OpenThreadToken
AllocateAndInitializeSid
FreeSid
DuplicateTokenEx
RevertToSelf
GetUserNameA
InitializeSecurityDescriptor
AddAccessAllowedAce
GetLengthSid
ImpersonateLoggedOnUser
SetSecurityDescriptorSacl
SetSecurityDescriptorDacl
InitializeAcl
DuplicateToken
SetThreadToken

shlwapi

PathUnExpandEnvStringsA
PathUnExpandEnvStringsW

user32

CharToOemBuffA
OemToCharBuffA
CharUpperA
CharLowerW
CharUpperW
GetSystemMetrics
wsprintfA
CharLowerA
ExitWindowsEx

kernel32

OpenProcess
OpenSemaphoreA
GlobalMemoryStatus
FreeLibrary
VirtualAlloc
lstrcpyW
ReleaseSemaphore
ReleaseMutex
PulseEvent
SetUnhandledExceptionFilter
SleepEx
GetModuleHandleW
CreateSemaphoreW
GetSystemDirectoryA
SetErrorMode
lstrcpyA
CreateEventA
WideCharToMultiByte
IsDebuggerPresent
GetTempFileNameA
EnterCriticalSection
VirtualFree
CreateMutexA
HeapValidate
ResetEvent
ExpandEnvironmentStringsW
HeapDestroy
QueryPerformanceFrequency
UnhandledExceptionFilter
WaitForSingleObjectEx
HeapFree
OpenEventA
ExpandEnvironmentStringsA
VirtualLock
HeapReAlloc
GetCurrentThreadId
DeleteCriticalSection
GetProcessHeap
GetModuleHandleA
VirtualProtect
HeapSize
GlobalMemoryStatusEx
WaitForSingleObject
LeaveCriticalSection
CreateSemaphoreA
OpenMutexA
HeapAlloc
VirtualUnlock
GetTempPathA
GetSystemInfo
GetWindowsDirectoryA
CloseHandle
GetSystemTimeAsFileTime
OutputDebugStringA
GetFullPathNameA

userenv

GetProfileType
FreeGPOListW
EnterCriticalPolicySection
ProcessGroupPolicyCompletedEx
GetUserProfileDirectoryW

mmcshext

DllRegisterServer
DllUnregisterServer

Sections

.fPiq
Size: 512B - Virtual size: 4KB

IMAGE_SCN_MEM_READ

.mtaE
Size: 2KB - Virtual size: 6KB

IMAGE_SCN_MEM_READ

.DMxAV
Size: 2KB - Virtual size: 31KB

IMAGE_SCN_MEM_READ

.text
Size: 20KB - Virtual size: 19KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.HcZAxDv
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.oOeyA
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.NizdR
Size: 1024B - Virtual size: 764B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.qIqGm
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 8KB - Virtual size: 107KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 208KB - Virtual size: 208KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.gPvw
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.yoWXcqe
Size: 1024B - Virtual size: 588B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.VhEZBRy
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.oYeum
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

f6596679e7762903efb9198557f34c5d

Headers

File Characteristics

Imports

advapi32

shlwapi

user32

kernel32

userenv

mmcshext

Sections

.fPiq Size: 512B - Virtual size: 4KB

.mtaE Size: 2KB - Virtual size: 6KB

.DMxAV Size: 2KB - Virtual size: 31KB

.text Size: 20KB - Virtual size: 19KB

.HcZAxDv Size: 2KB - Virtual size: 1KB

.oOeyA Size: 3KB - Virtual size: 2KB

.NizdR Size: 1024B - Virtual size: 764B

.qIqGm Size: 2KB - Virtual size: 1KB

.data Size: 8KB - Virtual size: 107KB

.rdata Size: 208KB - Virtual size: 208KB

.gPvw Size: 2KB - Virtual size: 1KB

.yoWXcqe Size: 1024B - Virtual size: 588B

.VhEZBRy Size: 1KB - Virtual size: 1KB

.rsrc Size: 8KB - Virtual size: 8KB

.oYeum Size: 2KB - Virtual size: 2KB

.fPiq
Size: 512B - Virtual size: 4KB

.mtaE
Size: 2KB - Virtual size: 6KB

.DMxAV
Size: 2KB - Virtual size: 31KB

.text
Size: 20KB - Virtual size: 19KB

.HcZAxDv
Size: 2KB - Virtual size: 1KB

.oOeyA
Size: 3KB - Virtual size: 2KB

.NizdR
Size: 1024B - Virtual size: 764B

.qIqGm
Size: 2KB - Virtual size: 1KB

.data
Size: 8KB - Virtual size: 107KB

.rdata
Size: 208KB - Virtual size: 208KB

.gPvw
Size: 2KB - Virtual size: 1KB

.yoWXcqe
Size: 1024B - Virtual size: 588B

.VhEZBRy
Size: 1KB - Virtual size: 1KB

.rsrc
Size: 8KB - Virtual size: 8KB

.oYeum
Size: 2KB - Virtual size: 2KB