1824c1e4488650aa24e053f1dba26aa6_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

1824c1e4488650aa24e053f1dba26aa6_JaffaCakes118
Size

40KB
MD5

1824c1e4488650aa24e053f1dba26aa6
SHA1

9f57cb2fcee85e1d1fcbed1c2dc82ddc6e8f0d1b
SHA256

0d62f6a545fef5552a97ffd4c341867213611612bab11e8dcfe28d9d78e9a855
SHA512

fdb5047eaff76aaca00e7c3ad4b18ad50519d8c2c19e223d5f168993b3ce688049786d007b1f2dc6621a2a79e1e43eee7dc6b796f537bce46fb5a598df64650a
SSDEEP

768:e//cGB7LaR+R9MxovJzbdmLHTEsbahyIVKuI:e//cUNcL4sbgyIV+

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
1824c1e4488650aa24e053f1dba26aa6_JaffaCakes118

Files

1824c1e4488650aa24e053f1dba26aa6_JaffaCakes118
.exe windows:4 windows x86 arch:x86

50626e8664119804eee75464633cff2a

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

user32

CharUpperW
GetSystemMetrics
CharLowerW
wsprintfA
CharToOemBuffA
CharUpperA
ExitWindowsEx
OemToCharBuffA
CharLowerA

shlwapi

PathUnExpandEnvStringsW
PathUnExpandEnvStringsA
PathIsRootW
StrCatW
SHRegGetUSValueW
StrRetToBufW
PathFindNextComponentA
PathIsRootA
PathSetDlgItemPathW
DllGetVersion
StrTrimA
SHLoadIndirectString
PathSkipRootA
StrStrA
SHRegGetPathW
StrToIntA
PathSearchAndQualifyW
PathIsUNCServerA
StrToIntExW
SHRegDeleteUSValueA
SHGetValueW
StrChrIA
ColorAdjustLuma
PathCommonPrefixW
PathFindFileNameW
wnsprintfA
UrlIsOpaqueA
PathCreateFromUrlA
PathIsLFNFileSpecA
SHEnumValueW
StrCSpnIW
PathRemoveExtensionW
PathIsContentTypeW
UrlCombineW
PathGetDriveNumberA
UrlCombineA
StrChrA
PathIsFileSpecA
SHRegQueryInfoUSKeyW
StrSpnW
PathRemoveBlanksA
UrlApplySchemeA
PathMakeSystemFolderA
PathStripToRootW
HashData

kernel32

VirtualAlloc
lstrcpyA
OpenEventA
HeapAlloc
IsDebuggerPresent
GetSystemTimeAsFileTime
HeapSize
VirtualUnlock
OpenMutexA
VirtualFree
CreateMutexA
GetTempFileNameA
QueryPerformanceFrequency
GetSystemDirectoryA
GetProcessHeap
GetModuleHandleA
lstrcpyW
EnterCriticalSection
OutputDebugStringA
ReleaseMutex
ReleaseSemaphore
VirtualProtect
LeaveCriticalSection
GetCurrentThreadId
GetTempPathA
GetSystemInfo
ResetEvent
CreateSemaphoreW
CloseHandle
FreeLibrary
GetModuleHandleW
UnhandledExceptionFilter
CreateEventA
GlobalMemoryStatusEx
HeapReAlloc
HeapDestroy
PulseEvent
DeleteCriticalSection
OpenProcess
VirtualLock
SetUnhandledExceptionFilter
ExpandEnvironmentStringsW
HeapFree
WideCharToMultiByte
GetWindowsDirectoryA
WaitForSingleObject
ExpandEnvironmentStringsA
HeapValidate
SleepEx
CreateSemaphoreA
OpenSemaphoreA
GlobalMemoryStatus
SetErrorMode
WaitForSingleObjectEx
GetStartupInfoW
VirtualAllocEx

advapi32

SetSecurityDescriptorDacl
SetThreadToken
GetTokenInformation
AdjustTokenPrivileges
LookupAccountSidA
AddAccessAllowedAce
EqualSid
SetSecurityDescriptorSacl
FreeSid
InitializeSecurityDescriptor
ImpersonateLoggedOnUser
GetUserNameA
CopySid
DuplicateTokenEx
DuplicateToken
InitializeAcl
GetLengthSid
OpenThreadToken
OpenProcessToken
AllocateAndInitializeSid
RevertToSelf
LookupPrivilegeValueA

iassvcs

IASGetLocalDictionary
IASAdler32

Sections

.text
Size: 20KB - Virtual size: 20KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.WDpJ
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.DMky
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.DtKwa
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rKlm
Size: 512B - Virtual size: 161B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.EzVx
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 213KB - Virtual size: 1.4MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.focYZls
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.POhCm
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.VjpHGn
Size: 1024B - Virtual size: 951B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.dqdWq
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.qLii
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

50626e8664119804eee75464633cff2a

Headers

DLL Characteristics

File Characteristics

Imports

user32

shlwapi

kernel32

advapi32

iassvcs

Sections

.text Size: 20KB - Virtual size: 20KB

.WDpJ Size: 2KB - Virtual size: 2KB

.DMky Size: 1KB - Virtual size: 1KB

.DtKwa Size: 2KB - Virtual size: 1KB

.rKlm Size: 512B - Virtual size: 161B

.rdata Size: 4KB - Virtual size: 3KB

.EzVx Size: 1KB - Virtual size: 1KB

.data Size: 213KB - Virtual size: 1.4MB

.focYZls Size: 1KB - Virtual size: 1KB

.POhCm Size: 2KB - Virtual size: 2KB

.rsrc Size: 3KB - Virtual size: 2KB

.VjpHGn Size: 1024B - Virtual size: 951B

.dqdWq Size: 3KB - Virtual size: 2KB

.qLii Size: 3KB - Virtual size: 2KB

.text
Size: 20KB - Virtual size: 20KB

.WDpJ
Size: 2KB - Virtual size: 2KB

.DMky
Size: 1KB - Virtual size: 1KB

.DtKwa
Size: 2KB - Virtual size: 1KB

.rKlm
Size: 512B - Virtual size: 161B

.rdata
Size: 4KB - Virtual size: 3KB

.EzVx
Size: 1KB - Virtual size: 1KB

.data
Size: 213KB - Virtual size: 1.4MB

.focYZls
Size: 1KB - Virtual size: 1KB

.POhCm
Size: 2KB - Virtual size: 2KB

.rsrc
Size: 3KB - Virtual size: 2KB

.VjpHGn
Size: 1024B - Virtual size: 951B

.dqdWq
Size: 3KB - Virtual size: 2KB

.qLii
Size: 3KB - Virtual size: 2KB