JaffaCakes118_21f6f27f483c56fcab2908422fcb3ee1

Sharing

Copy URL

Twitter E-mail

General

Target

JaffaCakes118_21f6f27f483c56fcab2908422fcb3ee1
Size

535KB
MD5

21f6f27f483c56fcab2908422fcb3ee1
SHA1

cbfc47612d1ffc4b18fef0da883d0d43b9126b73
SHA256

68fe4ddf68cd32aa835a4fe1efd4972f6e76be61e50f44aafc7ec8f33e612553
SHA512

f0bec4c5d8ef6585a33e0d38a4ff75c757a9023fdb2790db363cc016b81784d1f00cf7562039d17ba6c9d546bf7d5ebe97f38ff8e5b8d6f8c9f16372afc77770
SSDEEP

12288:5gbi9I6oqJVNWnwHNneDWcLo7qHY8JgO2:DI3KVLNneacUuHZgO2

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
JaffaCakes118_21f6f27f483c56fcab2908422fcb3ee1

Files

JaffaCakes118_21f6f27f483c56fcab2908422fcb3ee1
.exe windows:6 windows x86 arch:x86

a8ffa8f05204dbd831484a4120599c72

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_REMOVABLE_RUN_FROM_SWAP
IMAGE_FILE_NET_RUN_FROM_SWAP

PDB Paths

P:\Target\x86\ship\delivery\x-none\ose.pdb

Imports

advapi32

RegCloseKey
RegCreateKeyExW
RegEnumKeyExW
RegOpenKeyExW
SetThreadToken
RegEnumValueW
RegQueryValueExW
RegSetValueExW
RegNotifyChangeKeyValue
SetServiceStatus
StartServiceCtrlDispatcherW
DuplicateToken
GetUserNameA
RegDeleteValueW
RegisterServiceCtrlHandlerW
CryptGetHashParam
CryptCreateHash
CryptHashData
CryptDestroyHash
AllocateAndInitializeSid
CheckTokenMembership
FreeSid
LookupAccountNameW
ConvertStringSecurityDescriptorToSecurityDescriptorW
OpenThreadToken
SetFileSecurityW
RegDeleteKeyW
CryptAcquireContextW
CryptReleaseContext

kernel32

CloseHandle
GetLastError
SetEvent
GetModuleFileNameW
GetDriveTypeW
GetLogicalDrives
lstrcmpW
lstrlenW
InitializeCriticalSection
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
Sleep
ExitProcess
GetCommandLineW
SetErrorMode
ResetEvent
ReleaseMutex
WaitForMultipleObjectsEx
CreateMutexW
CreateEventW
CreateProcessW
GetSystemInfo
GetTickCount
MoveFileExW
CreateFileA
CreateFileW
ReadFile
SetFilePointer
FreeLibrary
GetModuleHandleW
GetProcAddress
LoadLibraryExW
DosDateTimeToFileTime
MultiByteToWideChar
WideCharToMultiByte
ReleaseSemaphore
WaitForSingleObject
CreateThread
WaitForMultipleObjects
CreateSemaphoreW
SetFilePointerEx
VirtualAlloc
VirtualFree
GlobalAlloc
GlobalFree
GetSystemTimeAsFileTime
ExpandEnvironmentStringsW
CompareStringW
SetEndOfFile
SetFileTime
WriteFile
GetSystemTime
SystemTimeToFileTime
GetCommandLineA
HeapSetInformation
GetStartupInfoW
DecodePointer
EncodePointer
SetUnhandledExceptionFilter
GetStdHandle
GetModuleFileNameA
FreeEnvironmentStringsW
GetEnvironmentStringsW
SetHandleCount
InitializeCriticalSectionAndSpinCount
GetFileType
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
InterlockedIncrement
SetLastError
GetCurrentThreadId
InterlockedDecrement
GetCurrentThread
HeapCreate
QueryPerformanceCounter
GetCurrentProcessId
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
IsDebuggerPresent
HeapAlloc
RaiseException
HeapFree
IsProcessorFeaturePresent
InterlockedExchange
LoadLibraryW
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
RtlUnwind
HeapSize
LCMapStringW
GetStringTypeW
HeapReAlloc
LocalFree
SystemTimeToTzSpecificLocalTime
GetTimeZoneInformation
FindClose
FindFirstFileW
GetFileSizeEx
CreateDirectoryW
GetFileAttributesW
GetTempPathW
DeleteFileW
FindNextFileW
GetFileAttributesExW
GetFileTime
SetFileAttributesW
GetTempPathA
CopyFileW
CreateHardLinkW
RemoveDirectoryW
FormatMessageA
lstrlenA
GetComputerNameW
GetProcessHeap
FlushFileBuffers
WriteConsoleW
SetStdHandle
GetConsoleMode
GetConsoleCP
LoadLibraryA
LocalAlloc

rpcrt4

RpcRevertToSelf
RpcServerRegisterIfEx
RpcServerUnregisterIf
RpcServerUseProtseqEpW
RpcImpersonateClient
NdrServerCall2

version

VerQueryValueW
GetFileVersionInfoW
GetFileVersionInfoSizeW

wintrust

WinVerifyTrust

Sections

.text
Size: 128KB - Virtual size: 127KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 400KB - Virtual size: 992KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

a8ffa8f05204dbd831484a4120599c72

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

advapi32

kernel32

rpcrt4

version

wintrust

Sections

.text Size: 128KB - Virtual size: 127KB

.data Size: 4KB - Virtual size: 12KB

.rsrc Size: 2KB - Virtual size: 1KB

.reloc Size: 400KB - Virtual size: 992KB

.text
Size: 128KB - Virtual size: 127KB

.data
Size: 4KB - Virtual size: 12KB

.rsrc
Size: 2KB - Virtual size: 1KB

.reloc
Size: 400KB - Virtual size: 992KB