JaffaCakes118_2467abc52c51814960b24c1447b13c23

Sharing

Copy URL

Twitter E-mail

General

Target

JaffaCakes118_2467abc52c51814960b24c1447b13c23
Size

253KB
MD5

2467abc52c51814960b24c1447b13c23
SHA1

ae4448d01d55d8b6eaa609c362c1ad59ec39df44
SHA256

623c5e18f10921e6142ff115a750285427aa8e0d5e22b01826a13004471a945e
SHA512

43f179e3861c379db89c4bad8ae59d5230d01d9e7fe799c549ee3cb175080da95b54898c07f3fcb9967d0139bab2098392d2a6979f7b0169a924ce8a5d1298a4
SSDEEP

6144:UuKoi+OTwIgddDMOMqFCRgeYCCjtA3DfHl/OPYXGlMCvLI56o3uba3Bgr9la:UBTiMkFCRgvA7x4YXCDI58axgr9l

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
JaffaCakes118_2467abc52c51814960b24c1447b13c23

Files

JaffaCakes118_2467abc52c51814960b24c1447b13c23
.exe windows:4 windows x86 arch:x86

a6ce70f74115f147063ca41bf39b9738

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

user32

CharLowerBuffA
UnregisterClassA

kernel32

GetThreadLocale
GetSystemTimeAsFileTime
DeleteCriticalSection
IsDebuggerPresent
HeapSize
HeapFree
GetProcessHeap
FindResourceExA
GetCurrentThreadId
LockResource
RaiseException
SizeofResource
lstrlenW
HeapDestroy
HeapAlloc
LoadResource
CreateDirectoryA
GetACP
EnterCriticalSection
SetUnhandledExceptionFilter
lstrlenA
HeapReAlloc
FindResourceA
LeaveCriticalSection
UnhandledExceptionFilter
WideCharToMultiByte
LocalAlloc
VirtualAlloc
GlobalAlloc

advapi32

RegOpenKeyExA
RegQueryValueExA
RegCloseKey
GetSidSubAuthority
MakeAbsoluteSD2
IdentifyCodeAuthzLevelW
AllocateLocallyUniqueId
GetTraceLoggerHandle
LsaEnumeratePrivileges
LsaGetQuotasForAccount
CreateProcessAsUserW
SystemFunction024
ConvertStringSDToSDDomainA
AreAllAccessesGranted
BuildImpersonateTrusteeW
WmiQuerySingleInstanceA
RegRestoreKeyA
WmiMofEnumerateResourcesW
CredGetSessionTypes
ElfChangeNotify
QueryTraceA
OpenEventLogA
BuildTrusteeWithNameA
WmiExecuteMethodA
BuildTrusteeWithObjectsAndNameW
MakeAbsoluteSD
ElfBackupEventLogFileW
AccessCheckByType
GetFileSecurityW
CryptDestroyKey
RegEnumKeyExW
LsaCreateTrustedDomain
SetEntriesInAccessListA
SaferGetPolicyInformation
InitializeAcl
RegUnLoadKeyW
CryptEnumProviderTypesW
GetCurrentHwProfileA
GetKernelObjectSecurity
ObjectOpenAuditAlarmW
LsaICLookupNamesWithCreds
CredFree
GetSidIdentifierAuthority
LookupSecurityDescriptorPartsA
CryptGetProvParam
ConvertSidToStringSidW
WmiQueryAllDataW
BuildTrusteeWithNameW
CredRenameA
InitializeSecurityDescriptor
SetSecurityInfoExW
LsaGetUserName
WmiExecuteMethodW
RegCreateKeyA
ElfReadEventLogA
DeleteAce
SaferiCompareTokenLevels
LsaEnumeratePrivilegesOfAccount
DecryptFileA
RegSetValueExA
IsWellKnownSid
AccessCheckByTypeResultList
LsaCreateSecret
WmiSetSingleItemW
LsaICLookupSidsWithCreds
CredProfileLoaded
CredpEncodeCredential
GetMultipleTrusteeW
AbortSystemShutdownW
SaferRecordEventLogEntry

gcdef

DllGetClassObject

Sections

.text
Size: 18KB - Virtual size: 18KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 208KB - Virtual size: 208KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.YnVeN
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.DJVPC
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.qXjai
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.NklP
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.DCtMWgj
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 7KB - Virtual size: 299KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tuYbr
Size: 512B - Virtual size: 172B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.HOISTp
Size: 1024B - Virtual size: 791B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.VlEYyz
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.obCGlE
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

a6ce70f74115f147063ca41bf39b9738

Headers

DLL Characteristics

File Characteristics

Imports

user32

kernel32

advapi32

gcdef

Sections

.text Size: 18KB - Virtual size: 18KB

.rdata Size: 208KB - Virtual size: 208KB

.YnVeN Size: 2KB - Virtual size: 1KB

.DJVPC Size: 3KB - Virtual size: 2KB

.qXjai Size: 1KB - Virtual size: 1KB

.NklP Size: 3KB - Virtual size: 2KB

.DCtMWgj Size: 2KB - Virtual size: 1KB

.data Size: 7KB - Virtual size: 299KB

.tuYbr Size: 512B - Virtual size: 172B

.HOISTp Size: 1024B - Virtual size: 791B

.rsrc Size: 2KB - Virtual size: 1KB

.VlEYyz Size: 1KB - Virtual size: 1KB

.obCGlE Size: 1KB - Virtual size: 1KB

.text
Size: 18KB - Virtual size: 18KB

.rdata
Size: 208KB - Virtual size: 208KB

.YnVeN
Size: 2KB - Virtual size: 1KB

.DJVPC
Size: 3KB - Virtual size: 2KB

.qXjai
Size: 1KB - Virtual size: 1KB

.NklP
Size: 3KB - Virtual size: 2KB

.DCtMWgj
Size: 2KB - Virtual size: 1KB

.data
Size: 7KB - Virtual size: 299KB

.tuYbr
Size: 512B - Virtual size: 172B

.HOISTp
Size: 1024B - Virtual size: 791B

.rsrc
Size: 2KB - Virtual size: 1KB

.VlEYyz
Size: 1KB - Virtual size: 1KB

.obCGlE
Size: 1KB - Virtual size: 1KB