JaffaCakes118_0cdce7db4e4fb4139b30977f1cec4898

Sharing

Copy URL

Twitter E-mail

General

Target

JaffaCakes118_0cdce7db4e4fb4139b30977f1cec4898
Size

261KB
MD5

0cdce7db4e4fb4139b30977f1cec4898
SHA1

6a8245a68d284af3095ecba310cdf285a1377790
SHA256

b7dc79bb7742a7c73b157f582daafd25c5b34e41ac79f02ab74358b124aad2f8
SHA512

f6879feaf25abc7d437dd3e1e5012321ac07610b486c6158ecf043493a55374579e0b0ad62c361c76373bd68acfa27d4b60c5ec6b0e72680939cfbda070f8a96
SSDEEP

6144:FGFg35ZTXXB404eu65LEf03yKp8U6hlUZOFRKOoaS9:4oLTXx4lH65LE8hmoZUwO6

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
JaffaCakes118_0cdce7db4e4fb4139b30977f1cec4898

Files

JaffaCakes118_0cdce7db4e4fb4139b30977f1cec4898
.exe windows:4 windows x86 arch:x86

8c47f50de63ea28833787bd4af526cb1

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

rpcrt4

UuidCreate

user32

wsprintfA
LoadStringW
CharToOemA
OemToCharA

kernel32

SetFileTime
CancelIo
ReleaseMutex
lstrlenA
DeleteFileA
FindNextFileA
GlobalFindAtomA
GetSystemDefaultLCID
FindFirstFileW
HeapFree
GetPrivateProfileStringW
GlobalAddAtomA
CreateThread
GetDriveTypeA
DeleteCriticalSection
IsDebuggerPresent
GetSystemDirectoryA
ReadFile
SetErrorMode
EnterCriticalSection
HeapAlloc
GetCurrentThreadId
lstrcmpiA
FindFirstFileA
SetFilePointer
GetFileTime
WriteFile
DeviceIoControl
WideCharToMultiByte
CloseHandle
GetProcessHeap
FindClose
GetVolumeInformationA
CreateFileW
WaitForMultipleObjects
SetFileAttributesA
GetSystemInfo
GetACP
CreateFileA
CreateEventA
SetVolumeLabelA
SetLastError
CopyFileW
SetUnhandledExceptionFilter
WaitForSingleObject
GetPrivateProfileStringA
lstrcpyA
FileTimeToSystemTime
GetModuleHandleA
SetFileAttributesW
GetFullPathNameA
SetEndOfFile
QueueUserWorkItem
GetThreadLocale
CopyFileA
GetOverlappedResult
GetShortPathNameA
FindResourceA
CreateMutexA
UnhandledExceptionFilter
LeaveCriticalSection
lstrlenW
DeleteFileW
GetSystemTimeAsFileTime
lstrcpynA
SizeofResource
SetThreadLocale
GetShortPathNameW
VirtualAllocEx

version

GetFileVersionInfoA
VerQueryValueA
GetFileVersionInfoSizeA

ws2_32

inet_ntoa
ntohl

iphlpapi

GetIfEntry
GetIpAddrTable

advapi32

RegCreateKeyExA
RegSetValueExA
RegCreateKeyExW
RegQueryValueExA
RegDeleteValueA
GetSecurityDescriptorDacl
IsValidSecurityDescriptor
GetSecurityDescriptorSacl
OpenSCManagerA
GetSecurityDescriptorOwner
GetSecurityDescriptorLength
RegCloseKey
RegEnumValueA
QueryServiceStatus
SetKernelObjectSecurity
LookupPrivilegeValueA
ControlService
RegQueryValueExW
RegEnumKeyExA
RegDeleteValueW
GetSecurityDescriptorControl
GetUserNameW
OpenProcessToken
StartServiceA
CloseServiceHandle
OpenServiceA
IsValidSid
GetKernelObjectSecurity
ChangeServiceConfigA
RegSetValueExW
CreateServiceW
IsValidAcl
AdjustTokenPrivileges
GetSecurityDescriptorGroup
QueryServiceConfigA
DeleteService
RegOpenKeyExA
RegDeleteKeyA

userenv

GetProfileType
FreeGPOListW
LoadUserProfileW
GetProfilesDirectoryW
GetProfilesDirectoryA
RefreshPolicy
ProcessGroupPolicyCompletedEx
GetNextFgPolicyRefreshInfo

colbact

DllRegisterServer
GetClassInfoForCurrentUser
PartitionAccessCheck

Sections

.jQzls
Size: 512B - Virtual size: 16KB

IMAGE_SCN_MEM_READ

.text
Size: 19KB - Virtual size: 18KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.IlaRAAg
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.GjeF
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.UxAAnX
Size: 512B - Virtual size: 166B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.PpmnmOs
Size: 1024B - Virtual size: 777B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.gpxaz
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 7KB - Virtual size: 132KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 209KB - Virtual size: 209KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.uNpF
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 6KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.YahYH
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.mywsjUp
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.dxcYdXH
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

8c47f50de63ea28833787bd4af526cb1

Headers

File Characteristics

Imports

rpcrt4

user32

kernel32

version

ws2_32

iphlpapi

advapi32

userenv

colbact

Sections

.jQzls Size: 512B - Virtual size: 16KB

.text Size: 19KB - Virtual size: 18KB

.IlaRAAg Size: 2KB - Virtual size: 1KB

.GjeF Size: 3KB - Virtual size: 2KB

.UxAAnX Size: 512B - Virtual size: 166B

.PpmnmOs Size: 1024B - Virtual size: 777B

.gpxaz Size: 2KB - Virtual size: 1KB

.data Size: 7KB - Virtual size: 132KB

.rdata Size: 209KB - Virtual size: 209KB

.uNpF Size: 3KB - Virtual size: 2KB

.rsrc Size: 6KB - Virtual size: 5KB

.YahYH Size: 1KB - Virtual size: 1KB

.mywsjUp Size: 2KB - Virtual size: 2KB

.dxcYdXH Size: 2KB - Virtual size: 2KB

.jQzls
Size: 512B - Virtual size: 16KB

.text
Size: 19KB - Virtual size: 18KB

.IlaRAAg
Size: 2KB - Virtual size: 1KB

.GjeF
Size: 3KB - Virtual size: 2KB

.UxAAnX
Size: 512B - Virtual size: 166B

.PpmnmOs
Size: 1024B - Virtual size: 777B

.gpxaz
Size: 2KB - Virtual size: 1KB

.data
Size: 7KB - Virtual size: 132KB

.rdata
Size: 209KB - Virtual size: 209KB

.uNpF
Size: 3KB - Virtual size: 2KB

.rsrc
Size: 6KB - Virtual size: 5KB

.YahYH
Size: 1KB - Virtual size: 1KB

.mywsjUp
Size: 2KB - Virtual size: 2KB

.dxcYdXH
Size: 2KB - Virtual size: 2KB