JaffaCakes118_9fe8aafc865c4c90f563f7420446bbf4

Sharing

Copy URL

Twitter E-mail

General

Target

JaffaCakes118_9fe8aafc865c4c90f563f7420446bbf4
Size

261KB
MD5

9fe8aafc865c4c90f563f7420446bbf4
SHA1

8414d076e3f1bc2baa11f7d1d0e2163e93cb9a26
SHA256

017ba2eafb0fa212408d0edb15b14a197abea9bdc94aa04135c6b1bcc21f127f
SHA512

b56bb28db1b34e76bf9bae8807b843cc216448bd3094fa8f8ec8b8f7623d51f96b02298ffe5bfb61931da82673dd289c6c8e0c2f6d1c76ad7a9c125285a4b84f
SSDEEP

6144:Um6G50HU+Iwxs7MHDgxKMI2gO7+cFUp1/LNhOx/StbecB:UmYUDmZ72gmlE/Ogt

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
JaffaCakes118_9fe8aafc865c4c90f563f7420446bbf4

Files

JaffaCakes118_9fe8aafc865c4c90f563f7420446bbf4
.exe windows:4 windows x86 arch:x86

45c762f8b3d4889c1e3514f61339b988

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

ws2_32

socket
ioctlsocket
htons
accept
setsockopt
recv
closesocket
gethostbyname
inet_addr
getsockopt
select
send
WSAStartup
shutdown
connect
WSAGetLastError

advapi32

RegQueryValueExA
RegOpenKeyExA
RegCloseKey
GetSidSubAuthority
AddAccessAllowedAce
AreAllAccessesGranted
LsaOpenPolicySce
CryptGetProvParam
ConvertStringSDToSDRootDomainW
LsaOpenAccount
ObjectPrivilegeAuditAlarmA
FileEncryptionStatusW
UnregisterIdleTask
TraceEventInstance
BuildSecurityDescriptorW
RegisterServiceCtrlHandlerExA
SystemFunction031
OpenServiceW
SetSecurityInfo
LsaQueryForestTrustInformation
LsaCreateTrustedDomain
InitiateSystemShutdownExA
GetInformationCodeAuthzPolicyW
LsaFreeMemory
CredFree
RegCreateKeyExW
RegRestoreKeyW
OpenServiceA
CryptReleaseContext
UnregisterTraceGuids
SystemFunction001
LogonUserExW
CredWriteA
SaferComputeTokenFromLevel
CryptEncrypt
StartTraceW
GetCurrentHwProfileW
CryptSetProviderW
SetAclInformation
LookupPrivilegeValueW
GetTrusteeNameA
GetMultipleTrusteeOperationA
GetSecurityInfoExA
WmiFileHandleToInstanceNameW
GetTrusteeNameW
IsValidSid
ElfCloseEventLog
LookupPrivilegeValueA
SetNamedSecurityInfoA
AccessCheckAndAuditAlarmW
CreatePrivateObjectSecurity
CryptGetDefaultProviderA
CryptSignHashW
AdjustTokenPrivileges
SystemFunction009
NotifyChangeEventLog
LsaGetQuotasForAccount
ConvertStringSidToSidW
RegEnumValueA
AbortSystemShutdownA
CreateServiceA
RegisterEventSourceW
SetPrivateObjectSecurity
LsaCreateAccount
EnumServicesStatusExA
ComputeAccessTokenFromCodeAuthzLevel
LsaICLookupNames
LockServiceDatabase
DeleteAce
IsWellKnownSid

kernel32

UnmapViewOfFile
OutputDebugStringA
FlushFileBuffers
CreateDirectoryA
PeekNamedPipe
GetSystemTime
SetUnhandledExceptionFilter
FreeEnvironmentStringsA
GetSystemDefaultLangID
LCMapStringA
GetLocalTime
DeleteCriticalSection
GetCommandLineA
IsBadCodePtr
GetSystemDefaultLCID
VirtualAlloc
lstrlenW
GetFileType
MoveFileA
WriteFile
CompareStringW
SetFilePointer
FindResourceA
lstrlenA
GetACP
TlsFree
CloseHandle
RaiseException
GetTimeZoneInformation
GetOEMCP
DeleteFileA
SetStdHandle
GetFileInformationByHandle
CompareStringA
LockFile
MapViewOfFile
RtlUnwind
LCMapStringW
GetComputerNameA
FreeEnvironmentStringsW
GetSystemInfo
LeaveCriticalSection
FormatMessageA
WideCharToMultiByte
GetTempPathA
GetSystemTimeAsFileTime
TlsGetValue
CreateFileA
CreateFileMappingA
HeapAlloc
HeapFree
HeapDestroy
TlsAlloc
FreeLibrary
EnterCriticalSection
SetEnvironmentVariableA
TlsSetValue
SetLastError
GetStdHandle
GetCurrentThreadId
HeapReAlloc
ReadFile
GetModuleHandleA
UnlockFile
VirtualFree
LoadResource
SetHandleCount
GetFileSize
LockResource
FileTimeToSystemTime
HeapSize
SetEndOfFile
HeapCreate
VirtualAllocEx
GlobalAlloc

rpcrt4

UuidCreate

ncobjapi

WmiCreateObject

Sections

.text
Size: 18KB - Virtual size: 18KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.BwOE
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.znDXy
Size: 512B - Virtual size: 225B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.ZrKw
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.HYgNH
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 210KB - Virtual size: 209KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.HOPMIAe
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reRsjUV
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.yUbi
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 6KB - Virtual size: 81KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.qgPw
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.RdUaa
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.uUlfV
Size: 512B - Virtual size: 256B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.PuWmPZL
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

45c762f8b3d4889c1e3514f61339b988

Headers

File Characteristics

Imports

ws2_32

advapi32

kernel32

rpcrt4

ncobjapi

Sections

.text Size: 18KB - Virtual size: 18KB

.BwOE Size: 2KB - Virtual size: 1KB

.znDXy Size: 512B - Virtual size: 225B

.ZrKw Size: 3KB - Virtual size: 2KB

.HYgNH Size: 2KB - Virtual size: 2KB

.rdata Size: 210KB - Virtual size: 209KB

.HOPMIAe Size: 3KB - Virtual size: 2KB

.reRsjUV Size: 2KB - Virtual size: 1KB

.yUbi Size: 2KB - Virtual size: 1KB

.data Size: 6KB - Virtual size: 81KB

.qgPw Size: 1KB - Virtual size: 1KB

.rsrc Size: 3KB - Virtual size: 3KB

.RdUaa Size: 3KB - Virtual size: 2KB

.uUlfV Size: 512B - Virtual size: 256B

.PuWmPZL Size: 2KB - Virtual size: 1KB

.text
Size: 18KB - Virtual size: 18KB

.BwOE
Size: 2KB - Virtual size: 1KB

.znDXy
Size: 512B - Virtual size: 225B

.ZrKw
Size: 3KB - Virtual size: 2KB

.HYgNH
Size: 2KB - Virtual size: 2KB

.rdata
Size: 210KB - Virtual size: 209KB

.HOPMIAe
Size: 3KB - Virtual size: 2KB

.reRsjUV
Size: 2KB - Virtual size: 1KB

.yUbi
Size: 2KB - Virtual size: 1KB

.data
Size: 6KB - Virtual size: 81KB

.qgPw
Size: 1KB - Virtual size: 1KB

.rsrc
Size: 3KB - Virtual size: 3KB

.RdUaa
Size: 3KB - Virtual size: 2KB

.uUlfV
Size: 512B - Virtual size: 256B

.PuWmPZL
Size: 2KB - Virtual size: 1KB