27631052b54b8eb8e985c2584375c0a1_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

27631052b54b8eb8e985c2584375c0a1_JaffaCakes118
Size

851KB
MD5

27631052b54b8eb8e985c2584375c0a1
SHA1

e255cdf43420006e2260e00075575b5f1958e50f
SHA256

cb8c1cdda5cfb911819748834bcb673192db99c07a4d73d0d6760ef85d8cee30
SHA512

b70c5ca4cac12afc46107228bdd9e9226a16aaa3553dccb3e52bb5dbf08696d539cfcd82ee8384f7a712c4d25342de55e702e8420bf30a0477ec2f7031a92283
SSDEEP

24576:7GBsl1PKhMX5JQXn0UYyX2c86h4s+kFSpxaCyVecx:asPPKhMX5JQXn0IA6hixIVe2

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
27631052b54b8eb8e985c2584375c0a1_JaffaCakes118

Files

27631052b54b8eb8e985c2584375c0a1_JaffaCakes118
.exe windows:5 windows x86 arch:x86

37a2907e94382ea0b7145be792d5c649

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

iassvcs

IASGetDictionary
IASRegisterComponent
IASRadiusCrypt
IASAdler32
IASUninitialize
IASRequestThread
IASSetMaxThreadIdle
IASSetMaxNumberOfThreads
IASAllocateUniqueID
IASInitialize
IASReportEvent
IASGetHostByName
IASVariantChangeType
IASGetLocalDictionary

kernel32

lstrcpynA
LZRead
AddAtomA
WaitForSingleObjectEx
SetFilePointerEx
SetStdHandle
GlobalHandle
LoadLibraryA
GetEnvironmentStringsA
DebugBreakProcess
ReadFile
GetTimeZoneInformation
GetNumaNodeProcessorMask
VirtualAllocEx
GlobalWire
SwitchToFiber
GetCurrentConsoleFont
ReadDirectoryChangesW
ExpungeConsoleCommandHistoryW
VirtualAlloc

shlwapi

PathFileExistsA
SHRegEnumUSValueW
UrlCanonicalizeW
UrlHashA
PathAddBackslashA
StrIsIntlEqualW
PathGetDriveNumberA
StrRetToStrW
AssocQueryKeyA
PathGetCharTypeA
SHRegGetBoolUSValueW
ChrCmpIA
StrFromTimeIntervalA
PathFindNextComponentA
StrStrIW
StrChrW
PathAddExtensionA
SHRegDuplicateHKey
PathMakePrettyA

duser

ForwardGadgetMessage
DUserSendEvent
InitGadgets
SetGadgetRect
IsStartDelete
GetGadgetSize
DUserCastHandle
SetGadgetStyle
DUserPostMethod
RegisterGadgetProperty
GetStdPalette
DUserPostEvent
IsInsideContext
UtilDrawBlendRect
SetGadgetOrder
AutoTrace

ntdll

RtlGetCurrentPeb
ZwWaitForDebugEvent
strchr
RtlCheckForOrphanedCriticalSections
RtlSelfRelativeToAbsoluteSD
wcsncpy
_vsnprintf
ZwOpenSymbolicLinkObject
NtOpenObjectAuditAlarm
RtlpUnWaitCriticalSection
NtUnmapViewOfSection
NtRemoveIoCompletion
NtSetBootOptions
ZwRegisterThreadTerminatePort
_alldvrm
RtlMultiAppendUnicodeStringBuffer
NtCreateMailslotFile
DbgUiConvertStateChangeStructure
NtSetDebugFilterState

advapi32

RegRestoreKeyW
WmiSetSingleItemW
GetNamedSecurityInfoExA
ImpersonateSelf
LsaEnumerateAccountRights
ElfOpenEventLogA
WmiQuerySingleInstanceA
TraceEvent
OpenSCManagerW
CredProfileLoaded
CryptSignHashA
LookupAccountSidA
LsaDeleteTrustedDomain
RegDeleteKeyW
CredDeleteA
RegOpenUserClassesRoot
OpenEncryptedFileRawW
SystemFunction016
SystemFunction035

Sections

.text
Size: 744KB - Virtual size: 743KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 99KB - Virtual size: 99KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 1.4MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 1008B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

37a2907e94382ea0b7145be792d5c649

Headers

DLL Characteristics

File Characteristics

Imports

iassvcs

kernel32

shlwapi

duser

ntdll

advapi32

Sections

.text Size: 744KB - Virtual size: 743KB

.rdata Size: 99KB - Virtual size: 99KB

.data Size: 4KB - Virtual size: 1.4MB

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 1024B - Virtual size: 1008B

.text
Size: 744KB - Virtual size: 743KB

.rdata
Size: 99KB - Virtual size: 99KB

.data
Size: 4KB - Virtual size: 1.4MB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 1024B - Virtual size: 1008B