11e47c943cebd9067f2701f05c79e4d7_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

11e47c943cebd9067f2701f05c79e4d7_JaffaCakes118
Size

244KB
MD5

11e47c943cebd9067f2701f05c79e4d7
SHA1

a34074428a1b4f9ea768a5a0500f7effa6c066d4
SHA256

bd6804c428e7276880d0dc140490480582d0569a62d30ef7dca96b50782cbacf
SHA512

e04e6ce23ea8a24c83424b8da219338dc56f9591927c675ada095e752d3153b5544cb6cca6eb9121474f4c777a375ca6551ebfadfd2b4bc954fb2454d0a2e6d3
SSDEEP

1536:2IEV59ojFAVa+ATbUvk3vdfHcyHWsaQoJ80SN647kqkOQFJ7KzsMKUCy8:27V59+WVaKM3vpnXoNrGkqZRzsMKUp

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
11e47c943cebd9067f2701f05c79e4d7_JaffaCakes118

Files

11e47c943cebd9067f2701f05c79e4d7_JaffaCakes118
.exe windows:4 windows x86 arch:x86

e1cba30353ecf8eec36af58b4bf14403

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

FormatMessageA
GetWindowsDirectoryW
GetLastError
GetCurrentProcess
GetWindowsDirectoryA
WaitForSingleObject
CloseHandle
LoadLibraryA
GetProcAddress
GetShortPathNameA
GetSystemDirectoryA
GetShortPathNameW
GetLocaleInfoA
GetCurrentThread
GetSystemDirectoryW
MultiByteToWideChar
LocalFree
GetUserDefaultLCID
FreeLibrary
GlobalAlloc
Sleep
DeleteCriticalSection
EnterCriticalSection
GetCommandLineA
GetVersion
SetConsoleCtrlHandler
HeapReAlloc
VirtualAlloc
SetFilePointer
InterlockedIncrement
InterlockedDecrement
IsBadCodePtr
IsBadWritePtr
IsBadReadPtr
SetUnhandledExceptionFilter
GetStringTypeW
GetStringTypeA
LCMapStringW
LCMapStringA
WriteFile
VirtualFree
HeapCreate
HeapDestroy
GetEnvironmentVariableA
GetFileType
GetVersionExA
GlobalFree
ExitProcess
InitializeCriticalSection
GetEnvironmentStringsW
GetEnvironmentStrings
SetHandleCount
GetStdHandle
FreeEnvironmentStringsW
CompareStringW
CompareStringA
GetLocaleInfoW
GetTimeZoneInformation
FlushFileBuffers
EnumSystemLocalesA
IsValidCodePage
IsValidLocale
SetStdHandle
RtlUnwind
SetEnvironmentVariableA
GetCurrentDirectoryA
SetCurrentDirectoryA
GetFileAttributesA
GetModuleHandleA
GetStartupInfoA
TerminateProcess
GetOEMCP
FreeEnvironmentStringsA
WideCharToMultiByte
GetModuleFileNameA
UnhandledExceptionFilter
LeaveCriticalSection
FatalAppExitA
GetCPInfo
GetACP
TlsFree
GetCurrentThreadId
TlsSetValue
TlsAlloc
SetLastError
TlsGetValue
HeapFree
HeapAlloc

user32

LoadCursorA
SetWindowPos
LoadBitmapA
RegisterClassA
ShowWindow
LoadIconA
UpdateWindow
CreateWindowExA
GetWindowRect
GetDesktopWindow
RedrawWindow
DispatchMessageA
TranslateMessage
GetMessageA
ReleaseDC
GetDC
GetClientRect
DefWindowProcA
PostQuitMessage
EndPaint
BeginPaint
DestroyWindow
InvalidateRect
SetTimer
MessageBoxA
LoadStringA
DialogBoxParamA
LoadImageA

gdi32

DeleteDC
GetStockObject
StretchBlt
DeleteObject
RealizePalette
SelectPalette
GetObjectA
CreatePalette
SetStretchBltMode
GetDIBColorTable
SelectObject
CreateCompatibleDC

advapi32

StartServiceA
CreateServiceA
CloseServiceHandle
OpenThreadToken
OpenProcessToken
RegOpenKeyExA
RegCreateKeyExA
RegCloseKey
RegSetValueExA
RegQueryValueExA
SetTokenInformation
AdjustTokenPrivileges
LookupPrivilegeValueA
CreateProcessAsUserW
FreeSid
EqualSid
AllocateAndInitializeSid
GetTokenInformation
OpenSCManagerA
DeleteService
ControlService
OpenServiceA

shell32

ShellExecuteExA

upscontrol

??0CEvents@@QAE@XZ
?InitUPS@CEventGenerator@@QAE?AVErrCode@@XZ
?GetDataItem@CEventGenerator@@QBE?AVErrCode@@_KPAN@Z
??0CEventGenerator@@QAE@XZ
?GetUPSEvents@CEventGenerator@@QAE?AVErrCode@@PAVCEvents@@@Z
?HasEventTriggered@CEvents@@QAE_NW4EventParam@1@@Z
??1CEvents@@UAE@XZ
??1CEventGenerator@@UAE@XZ

Sections

.text
Size: 160KB - Virtual size: 157KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 8KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 24KB - Virtual size: 27KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 8KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 36KB - Virtual size: 36KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

abyiaot
Size: - Virtual size: 4KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

e1cba30353ecf8eec36af58b4bf14403

Headers

File Characteristics

Imports

kernel32

user32

gdi32

advapi32

shell32

upscontrol

Sections

.text Size: 160KB - Virtual size: 157KB

.rdata Size: 8KB - Virtual size: 6KB

.data Size: 24KB - Virtual size: 27KB

.idata Size: 8KB - Virtual size: 5KB

.rsrc Size: 4KB - Virtual size: 3KB

.reloc Size: 36KB - Virtual size: 36KB

abyiaot Size: - Virtual size: 4KB

.text
Size: 160KB - Virtual size: 157KB

.rdata
Size: 8KB - Virtual size: 6KB

.data
Size: 24KB - Virtual size: 27KB

.idata
Size: 8KB - Virtual size: 5KB

.rsrc
Size: 4KB - Virtual size: 3KB

.reloc
Size: 36KB - Virtual size: 36KB

abyiaot
Size: - Virtual size: 4KB