d0623aceb5f29422465b1de6cf3d7a78_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

d0623aceb5f29422465b1de6cf3d7a78_JaffaCakes118
Size

257KB
MD5

d0623aceb5f29422465b1de6cf3d7a78
SHA1

237442cabfc82a4e8b536356434a288cf4244b13
SHA256

fb04116036c2618128ec0391186d0fab90bd199ede405213bdcf0b289b6e6460
SHA512

d49771f449ed0bf380fb38ea25737637008a66d07ca967828c692141e866de340c923d22b39a74a3722d5cf0f8774dca9ad230e1f53c93d1873e620ac1dd9b69
SSDEEP

6144:M5tnApAq69lEd2CydkKKPJ5HXZ8NMkS978r1z+s6UPiLAwK:M7nApY+LjHhRits78r1V6AiLI

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
d0623aceb5f29422465b1de6cf3d7a78_JaffaCakes118

Files

d0623aceb5f29422465b1de6cf3d7a78_JaffaCakes118
.exe windows:4 windows x86 arch:x86

10197178e8fa263fb7bb8e6fee496954

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

user32

CharToOemA
OemToCharA
LoadStringW
wsprintfA

iphlpapi

GetIpAddrTable
GetIfEntry

ws2_32

ntohl
inet_ntoa

kernel32

FindClose
SetFileAttributesA
DeleteFileA
lstrcpynA
SetFileAttributesW
GetDriveTypeA
FindFirstFileW
DeleteFileW
SizeofResource
WaitForMultipleObjects
GetModuleHandleA
ReadFile
FindNextFileA
QueueUserWorkItem
CreateFileA
WriteFile
CopyFileA
ReleaseMutex
GetSystemDirectoryA
FindFirstFileA
HeapFree
CloseHandle
GetFullPathNameA
HeapAlloc
CopyFileW
SetUnhandledExceptionFilter
SetEndOfFile
CreateThread
GetFileTime
GetThreadLocale
FindResourceA
CreateFileW
GetProcessHeap
GlobalFindAtomA
DeviceIoControl
EnterCriticalSection
lstrcpyA
GetACP
LeaveCriticalSection
GetSystemTimeAsFileTime
CancelIo
SetFilePointer
UnhandledExceptionFilter
GetShortPathNameA
IsDebuggerPresent
CreateMutexA
lstrlenA
GetSystemDefaultLCID
GetOverlappedResult
GetPrivateProfileStringA
FileTimeToSystemTime
GetSystemInfo
SetThreadLocale
GetShortPathNameW
WideCharToMultiByte
SetErrorMode
lstrcmpiA
SetLastError
GetPrivateProfileStringW
WaitForSingleObject
lstrlenW
GlobalAddAtomA
DeleteCriticalSection
SetVolumeLabelA
GetVolumeInformationA
GetCurrentThreadId
SetFileTime
CreateEventA
TlsAlloc
VirtualAllocEx

advapi32

OpenSCManagerA
LookupPrivilegeValueA
GetSecurityDescriptorGroup
ControlService
AdjustTokenPrivileges
StartServiceA
RegQueryValueExW
RegEnumKeyExA
QueryServiceStatus
RegEnumValueA
IsValidSid
RegDeleteValueA
RegDeleteValueW
RegCreateKeyExA
GetSecurityDescriptorLength
GetKernelObjectSecurity
GetUserNameW
RegCloseKey
GetSecurityDescriptorDacl
CreateServiceW
CloseServiceHandle
IsValidAcl
DeleteService
IsValidSecurityDescriptor
RegSetValueExA
GetSecurityDescriptorControl
ChangeServiceConfigA
RegCreateKeyExW
RegDeleteKeyA
OpenServiceA
GetSecurityDescriptorOwner
RegSetValueExW
RegOpenKeyExA
OpenProcessToken
GetSecurityDescriptorSacl
RegQueryValueExA
QueryServiceConfigA
SetKernelObjectSecurity

version

GetFileVersionInfoSizeA
VerQueryValueA
GetFileVersionInfoA

rpcrt4

UuidCreate

userenv

GetProfileType
FreeGPOListW
GetUserProfileDirectoryA
LoadUserProfileW
GetGPOListW
GetUserProfileDirectoryW
UnloadUserProfile
GetAllUsersProfileDirectoryA

inseng

DllGetClassObject

Sections

.ejYH
Size: 1KB - Virtual size: 5KB

IMAGE_SCN_MEM_READ

.PBsYOR
Size: 3KB - Virtual size: 33KB

IMAGE_SCN_MEM_READ

.text
Size: 19KB - Virtual size: 18KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.tXZr
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.HvlebMu
Size: 1024B - Virtual size: 958B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.ZzEI
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 7KB - Virtual size: 159KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 209KB - Virtual size: 209KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.SXHXyr
Size: 512B - Virtual size: 228B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pgFsR
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.baPXJ
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.qpBv
Size: 1024B - Virtual size: 579B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

10197178e8fa263fb7bb8e6fee496954

Headers

DLL Characteristics

File Characteristics

Imports

user32

iphlpapi

ws2_32

kernel32

advapi32

version

rpcrt4

userenv

inseng

Sections

.ejYH Size: 1KB - Virtual size: 5KB

.PBsYOR Size: 3KB - Virtual size: 33KB

.text Size: 19KB - Virtual size: 18KB

.tXZr Size: 2KB - Virtual size: 1KB

.HvlebMu Size: 1024B - Virtual size: 958B

.ZzEI Size: 2KB - Virtual size: 1KB

.data Size: 7KB - Virtual size: 159KB

.rdata Size: 209KB - Virtual size: 209KB

.SXHXyr Size: 512B - Virtual size: 228B

.pgFsR Size: 3KB - Virtual size: 2KB

.rsrc Size: 4KB - Virtual size: 3KB

.baPXJ Size: 2KB - Virtual size: 1KB

.qpBv Size: 1024B - Virtual size: 579B

.ejYH
Size: 1KB - Virtual size: 5KB

.PBsYOR
Size: 3KB - Virtual size: 33KB

.text
Size: 19KB - Virtual size: 18KB

.tXZr
Size: 2KB - Virtual size: 1KB

.HvlebMu
Size: 1024B - Virtual size: 958B

.ZzEI
Size: 2KB - Virtual size: 1KB

.data
Size: 7KB - Virtual size: 159KB

.rdata
Size: 209KB - Virtual size: 209KB

.SXHXyr
Size: 512B - Virtual size: 228B

.pgFsR
Size: 3KB - Virtual size: 2KB

.rsrc
Size: 4KB - Virtual size: 3KB

.baPXJ
Size: 2KB - Virtual size: 1KB

.qpBv
Size: 1024B - Virtual size: 579B