JaffaCakes118_26e5f05cbb9b6d19e2761dc9cd92a022

Sharing

Copy URL

Twitter E-mail

General

Target

JaffaCakes118_26e5f05cbb9b6d19e2761dc9cd92a022
Size

251KB
MD5

26e5f05cbb9b6d19e2761dc9cd92a022
SHA1

254951b967e70158f813c3238f3fd58cf18275be
SHA256

64b627cf8b6d39d1a3dafac5244f589dbe85a9cd29e5b537635e86b566ce8abe
SHA512

66c4d5f5a72d5e0348f29cced1fc8ca7e4cfa8f98c8d78dd0898ea335a79eeaae5a82f2c928b68a4730e940d702bb7070416b2ae09d62351ff62099efb00e2d3
SSDEEP

3072:fES9nbDTU2g4sGC94zz7JWzGncye3ylei7EZovoq8URz3fRaZX6fnvry3dqRAefi:fESpbDTUFETw2mnq8UR9yX6fvG3y7TTe

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
JaffaCakes118_26e5f05cbb9b6d19e2761dc9cd92a022

Files

JaffaCakes118_26e5f05cbb9b6d19e2761dc9cd92a022
.exe windows:4 windows x86 arch:x86

731f172583621256866c9a8daa2aa262

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

ole32

CoCreateInstance
CoUninitialize
OleRun
CoTaskMemFree
CoInitialize

kernel32

IsDebuggerPresent
GetLocalTime
GetProcessHeap
GetPrivateProfileStringW
GetFileSize
UnmapViewOfFile
FormatMessageW
WaitForMultipleObjects
OutputDebugStringA
DeleteFileW
SetUnhandledExceptionFilter
GetTempPathW
TlsFree
TlsGetValue
lstrcpyW
GetDateFormatW
LocalFree
LoadLibraryExW
WaitForSingleObject
EnterCriticalSection
GetPrivateProfileIntW
SetFilePointer
OpenProcess
LeaveCriticalSection
FindNextFileW
CreateFileMappingW
MapViewOfFile
FindFirstFileW
CreateMutexW
lstrcpynW
TlsSetValue
FindClose
GetCurrentThreadId
SetLastError
TlsAlloc
CloseHandle
GetModuleHandleW
lstrlenW
DeleteCriticalSection
OpenEventW
HeapFree
FreeLibrary
CreateFileW
ReadFile
CreateEventW
DeviceIoControl
UnhandledExceptionFilter
CreateProcessW
ResetEvent
WriteFile
CreateDirectoryW
GetSystemTimeAsFileTime
GetTimeFormatW
VirtualAllocEx

ws2_32

send
gethostbyname
bind
WSAEventSelect
htons
socket
WSAWaitForMultipleEvents
inet_addr
connect
htonl
ntohs
gethostname
WSAAccept
listen
closesocket
recv
WSAStartup
shutdown
WSACleanup
WSAGetLastError
WSASetEvent
WSACloseEvent
WSACreateEvent
WSAEnumNetworkEvents

advapi32

SetServiceStatus
SetSecurityDescriptorDacl
BuildExplicitAccessWithNameW
SetEntriesInAclW
StartServiceCtrlDispatcherW
InitializeSecurityDescriptor
SetSecurityInfo
AdjustTokenPrivileges
OpenSCManagerW
RegCloseKey
GetSecurityInfo
DeleteService
OpenProcessToken
CloseServiceHandle
QueryServiceStatus
StartServiceW
LookupAccountSidW
OpenServiceW
RegOpenKeyExW
RegisterServiceCtrlHandlerW
GetSecurityDescriptorDacl
RegQueryValueExW
RegConnectRegistryW
GetTokenInformation
ConvertStringSecurityDescriptorToSecurityDescriptorW
LookupPrivilegeValueW
CreateProcessAsUserW
CreateServiceW
ControlService
ConvertStringSidToSidW
DuplicateTokenEx
GetUserNameW
SetTokenInformation

urlmon

FindMimeFromData

user32

LoadStringW
wsprintfW

mscms

CreateProfileFromLogColorSpaceW
UnregisterCMMW
InternalGetPS2CSAFromLCS
OpenColorProfileA
InstallColorProfileW
SetColorProfileHeader

zipfldr

DllGetClassObject
RouteTheCall

Sections

.text
Size: 17KB - Virtual size: 16KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.YDee
Size: 2KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.yfOok
Size: 2KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.jRe
Size: 512B - Virtual size: 382B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.xMC
Size: 1024B - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.Qq
Size: 1KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.CrDK
Size: 512B - Virtual size: 315B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 211KB - Virtual size: 493KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.aI
Size: 1KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 9KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

731f172583621256866c9a8daa2aa262

Headers

DLL Characteristics

File Characteristics

Imports

ole32

kernel32

ws2_32

advapi32

urlmon

user32

mscms

zipfldr

Sections

.text Size: 17KB - Virtual size: 16KB

.YDee Size: 2KB - Virtual size: 3KB

.yfOok Size: 2KB - Virtual size: 3KB

.jRe Size: 512B - Virtual size: 382B

.xMC Size: 1024B - Virtual size: 1KB

.Qq Size: 1KB - Virtual size: 2KB

.rdata Size: 3KB - Virtual size: 3KB

.CrDK Size: 512B - Virtual size: 315B

.data Size: 211KB - Virtual size: 493KB

.aI Size: 1KB - Virtual size: 2KB

.rsrc Size: 9KB - Virtual size: 9KB

.text
Size: 17KB - Virtual size: 16KB

.YDee
Size: 2KB - Virtual size: 3KB

.yfOok
Size: 2KB - Virtual size: 3KB

.jRe
Size: 512B - Virtual size: 382B

.xMC
Size: 1024B - Virtual size: 1KB

.Qq
Size: 1KB - Virtual size: 2KB

.rdata
Size: 3KB - Virtual size: 3KB

.CrDK
Size: 512B - Virtual size: 315B

.data
Size: 211KB - Virtual size: 493KB

.aI
Size: 1KB - Virtual size: 2KB

.rsrc
Size: 9KB - Virtual size: 9KB