159fca61233dc95beda7d63d2fed84a1_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

159fca61233dc95beda7d63d2fed84a1_JaffaCakes118
Size

252KB
MD5

159fca61233dc95beda7d63d2fed84a1
SHA1

908f2d247a8c135310aa14943e9e625d50190fef
SHA256

3405167031704f81a502f4e1879ba9bb9d7067aeeed49e5699b9abc96dc879ce
SHA512

b1dd0a65ecae80a0fdc1cbc44259df5723c10fd20ad9c659d188e4758bb60c3f850757393b1babfc3964191415b6753be7d54ee542a9c38644746deeb6df7ee8
SSDEEP

6144:QjRL3eGesjUJlYeP4mQxJZIcTkr5vUYjCv/Ic:Qp3eD0YY26ZIcToXjAA

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
159fca61233dc95beda7d63d2fed84a1_JaffaCakes118

Files

159fca61233dc95beda7d63d2fed84a1_JaffaCakes118
.exe windows:4 windows x86 arch:x86

8d2489ae3f7d7377578826cc3fc86248

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

user32

LoadStringA

kernel32

GetTempFileNameW
CreateMutexW
GetCurrentDirectoryA
GetSystemTimeAsFileTime
FindFirstFileW
LCMapStringA
SetUnhandledExceptionFilter
FindFirstFileA
FindNextFileA
GetStringTypeExA
FindClose
GlobalFree
CloseHandle
CreateFileW
FreeLibrary
ReleaseMutex
CreateDirectoryA
GetSystemDirectoryA
FormatMessageW
CreateDirectoryW
GetUserDefaultLCID
LocalFree
FindNextFileW
GetCurrentThreadId
GetFileSize
IsDebuggerPresent
WaitForSingleObject
GetTempPathW
UnhandledExceptionFilter
CreateThread
GetModuleHandleW
GetStartupInfoA
VirtualAllocEx
GlobalAlloc

wininet

DetectAutoProxyUrl

advapi32

RegQueryValueExA
GetTokenInformation
GetUserNameA
RegCloseKey
OpenThreadToken
RegOpenKeyExA
GetSidSubAuthority
BuildImpersonateTrusteeW
BuildTrusteeWithSidW
CredEnumerateA
FlushTraceW
SystemFunction026
CreateTraceInstanceId
GetKernelObjectSecurity
CreateProcessAsUserW
GetAccessPermissionsForObjectW
ChangeServiceConfigA
I_ScPnPGetServiceName
ImpersonateAnonymousToken
AddAccessDeniedAceEx
GetNumberOfEventLogRecords
LsaQueryInfoTrustedDomain
LsaLookupNames
EncryptionDisable
ChangeServiceConfig2W
OpenProcessToken
SetSecurityDescriptorGroup
CryptSetProviderExA
ImpersonateLoggedOnUser
LsaFreeMemory
SystemFunction009
GetNamedSecurityInfoA
MD4Init
ConvertAccessToSecurityDescriptorW
QueryServiceLockStatusW
RegReplaceKeyW
InitializeSecurityDescriptor
ClearEventLogW
SetNamedSecurityInfoExA
GetMultipleTrusteeW
BuildTrusteeWithObjectsAndSidA
SetPrivateObjectSecurity
ProcessIdleTasks
GetSecurityDescriptorDacl
GetManagedApplicationCategories
CreateProcessWithLogonW
LsaClearAuditLog
WmiQueryAllDataW
LookupPrivilegeNameW
ProcessTrace
ElfReportEventA
ElfRegisterEventSourceA
BuildExplicitAccessWithNameA
CryptSetProviderW
AccessCheckByTypeResultListAndAuditAlarmByHandleW
RegOverridePredefKey
CryptContextAddRef

ws2_32

socket
WSAStartup
accept
inet_addr
getservbyport
bind
getsockopt
WSAGetLastError
htonl
htons
__WSAFDIsSet
connect
WSASetLastError
getservbyname
gethostbyaddr
closesocket
listen
recv
gethostbyname
WSACleanup
ioctlsocket
send
getsockname
select
ntohs
inet_ntoa

ole32

CoTaskMemFree

txflog

DllGetClassObject

Sections

.text
Size: 17KB - Virtual size: 17KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.pyDRLa
Size: 1024B - Virtual size: 946B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.utdF
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.YorQB
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.YQSwuoJ
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.mmpS
Size: 1024B - Virtual size: 646B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.ykYNSn
Size: 512B - Virtual size: 176B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rdata
Size: 209KB - Virtual size: 208KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.LAFplfL
Size: 1024B - Virtual size: 585B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 8KB - Virtual size: 1.2MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.JCrn
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.sPxi
Size: 1024B - Virtual size: 887B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.iDOXnF
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.AxcsGB
Size: 512B - Virtual size: 466B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

8d2489ae3f7d7377578826cc3fc86248

Headers

File Characteristics

Imports

user32

kernel32

wininet

advapi32

ws2_32

ole32

txflog

Sections

.text Size: 17KB - Virtual size: 17KB

.pyDRLa Size: 1024B - Virtual size: 946B

.utdF Size: 2KB - Virtual size: 1KB

.YorQB Size: 3KB - Virtual size: 2KB

.YQSwuoJ Size: 1KB - Virtual size: 1KB

.mmpS Size: 1024B - Virtual size: 646B

.ykYNSn Size: 512B - Virtual size: 176B

.rdata Size: 209KB - Virtual size: 208KB

.LAFplfL Size: 1024B - Virtual size: 585B

.data Size: 8KB - Virtual size: 1.2MB

.JCrn Size: 1KB - Virtual size: 1KB

.rsrc Size: 2KB - Virtual size: 1KB

.sPxi Size: 1024B - Virtual size: 887B

.iDOXnF Size: 1KB - Virtual size: 1KB

.AxcsGB Size: 512B - Virtual size: 466B

.text
Size: 17KB - Virtual size: 17KB

.pyDRLa
Size: 1024B - Virtual size: 946B

.utdF
Size: 2KB - Virtual size: 1KB

.YorQB
Size: 3KB - Virtual size: 2KB

.YQSwuoJ
Size: 1KB - Virtual size: 1KB

.mmpS
Size: 1024B - Virtual size: 646B

.ykYNSn
Size: 512B - Virtual size: 176B

.rdata
Size: 209KB - Virtual size: 208KB

.LAFplfL
Size: 1024B - Virtual size: 585B

.data
Size: 8KB - Virtual size: 1.2MB

.JCrn
Size: 1KB - Virtual size: 1KB

.rsrc
Size: 2KB - Virtual size: 1KB

.sPxi
Size: 1024B - Virtual size: 887B

.iDOXnF
Size: 1KB - Virtual size: 1KB

.AxcsGB
Size: 512B - Virtual size: 466B