2d8ba16b6f1ad36af37708d909b9588e_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

2d8ba16b6f1ad36af37708d909b9588e_JaffaCakes118
Size

80KB
MD5

2d8ba16b6f1ad36af37708d909b9588e
SHA1

ef29204933bf81e740b350b341475e81627ac6d6
SHA256

b4ad1921f409ef4296b919df772f8c89ff0231f6bb6b39513036f59d8a8789ca
SHA512

78c7d26b51ba59886980e632aea416a58d265a72d5d19e5c37a1eb83ecf66f504cb47c47ddf27fd67b599ee74e281af80d0773c7e506bfad762d61ae00dee38b
SSDEEP

1536:/Zucw/pZnb/JFGzHQbYuTeIkFRC7BPr8ZqH+09ItRIo9r:h3wh9L7bYhIqCl8Mi5

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2d8ba16b6f1ad36af37708d909b9588e_JaffaCakes118

Files

2d8ba16b6f1ad36af37708d909b9588e_JaffaCakes118
.exe windows:5 windows x86 arch:x86

2d581c0d913cc4bcf1dff8231058ce58

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

user32

EndDialog
DialogBoxParamA
SendDlgItemMessageA
SendMessageA
ShowWindow
SetParent
MessageBoxA
LoadStringA

kernel32

GetTickCount
GetDriveTypeA
CreateFileA
FindClose
DeleteFileA
HeapFree
GetCurrentDirectoryA
Sleep
QueryDosDeviceA
DeviceIoControl
SetLastError
CreateProcessA
GetDiskFreeSpaceA
GetCurrentProcessId
GetSystemTimeAsFileTime
ClearCommBreak
GetProcessHeap
FreeLibrary
GetProcAddress
BackupWrite
FindFirstFileA
HeapAlloc
CreateThread
CopyFileA
GetSystemTime
SetHandleInformation
CloseHandle
SetFileAttributesA
SetEndOfFile
OpenEventA
SetFileTime
QueryPerformanceCounter
EnterCriticalSection
GetExitCodeProcess
GetCurrentThreadId
lstrcpynA
LeaveCriticalSection
ExitProcess
DeleteCriticalSection
GetFileAttributesA
SetUnhandledExceptionFilter
GetCommandLineA
MoveFileA
DosDateTimeToFileTime
GetSystemDirectoryA
WideCharToMultiByte
RemoveDirectoryA
SetErrorMode
GetVersionExA
SetFilePointer
SetThreadAffinityMask
ExpandEnvironmentStringsA
MoveFileExA
LocalFileTimeToFileTime
FindNextFileA
WriteFile
SetVolumeLabelA
ReadFile
SystemTimeToFileTime
SetEvent

ntdll

NtAdjustPrivilegesToken
NtOpenProcessToken
NtClose
NtShutdownSystem

advapi32

GetLengthSid
InitiateSystemShutdownA
OpenProcessToken
AllocateAndInitializeSid
InitializeAcl
CryptAcquireContextA
SetSecurityDescriptorDacl
CryptGenRandom
GetTokenInformation
InitializeSecurityDescriptor
AddAccessAllowedAce
CryptReleaseContext

shell32

SHBrowseForFolderA
SHGetPathFromIDListA

Sections

.text
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 7KB - Virtual size: 119KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.octq
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ

.edata
Size: 139KB - Virtual size: 267KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

2d581c0d913cc4bcf1dff8231058ce58

Headers

File Characteristics

Imports

user32

kernel32

ntdll

advapi32

shell32

Sections

.text Size: 8KB - Virtual size: 7KB

.data Size: 7KB - Virtual size: 119KB

.octq Size: 3KB - Virtual size: 3KB

.edata Size: 139KB - Virtual size: 267KB

.text
Size: 8KB - Virtual size: 7KB

.data
Size: 7KB - Virtual size: 119KB

.octq
Size: 3KB - Virtual size: 3KB

.edata
Size: 139KB - Virtual size: 267KB