JaffaCakes118_b2f4ecc5d95390b19da2c22e6746c8e5

Sharing

Copy URL

Twitter E-mail

General

Target

JaffaCakes118_b2f4ecc5d95390b19da2c22e6746c8e5
Size

276KB
MD5

b2f4ecc5d95390b19da2c22e6746c8e5
SHA1

4b43c33d97c8b7ff5e926e77a95e93198d20bdbe
SHA256

26a12258b4d2b09e45a188c5575e55a8928fac91c118efb6cc40c0f5487a7a68
SHA512

c00138b2241c75783c5d38fcf9cc9abebcc59066c9b1dee80880459a50d38b505188a045c739527d83a4033795f9964119e85ecc5e6c0d57fe21a4eeb12c316b
SSDEEP

6144:9/1HnOBywO+PnbfMIQFSQMX0Wy6XtdFCGJvi5w:9NQuU1XXdyvGJo

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
JaffaCakes118_b2f4ecc5d95390b19da2c22e6746c8e5

Files

JaffaCakes118_b2f4ecc5d95390b19da2c22e6746c8e5
.exe windows:4 windows x86 arch:x86

913e409d02f20275af7ee12984334a9c

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

ole32

CoRevertToSelf
CoGetInterfaceAndReleaseStream
CoQueryProxyBlanket
CoCreateGuid
CoSetProxyBlanket
CoCreateInstance
StringFromGUID2
CoUninitialize
CoMarshalInterThreadInterfaceInStream
CoInitializeEx
CoImpersonateClient

kernel32

RaiseException
GetACP
HeapAlloc
EnterCriticalSection
ResetEvent
CreateEventW
FindVolumeMountPointClose
HeapReAlloc
LeaveCriticalSection
CloseHandle
FindFirstVolumeMountPointW
FormatMessageW
HeapDestroy
GetDriveTypeW
SetUnhandledExceptionFilter
FindNextVolumeMountPointW
DeleteCriticalSection
CreateThread
GetVolumeNameForVolumeMountPointW
WaitForSingleObject
IsDebuggerPresent
HeapFree
GetSystemTime
lstrlenW
GetLogicalDriveStringsW
ResumeThread
HeapSize
GetThreadLocale
UnhandledExceptionFilter
GetSystemTimeAsFileTime
GetProcessHeap
GetCurrentThreadId
SetThreadLocale
TerminateThread
GetStartupInfoW
VirtualAlloc

oleaut32

SafeArrayRedim
SysStringByteLen
SafeArrayGetUBound
SafeArrayDestroy
SysStringLen
VariantCopy
VariantTimeToSystemTime
SysAllocStringLen
SafeArrayGetVartype
VariantClear
SafeArrayLock
VarBstrCmp
VariantCopyInd
SysAllocString
SafeArrayUnlock
SysFreeString
SystemTimeToVariantTime
SafeArrayCopy
SafeArrayCreate
LoadTypeLi
VariantInit
SafeArrayGetLBound
SysAllocStringByteLen
LoadRegTypeLi

advapi32

OpenProcessToken
GetTokenInformation
IsValidSid
CopySid
SetThreadToken
GetLengthSid
EqualSid
RegSetValueExW
OpenThreadToken
RegOpenKeyExW
RegCloseKey

user32

UnregisterClassA
wsprintfW

userenv

UnloadUserProfile

esent

JetCreateTable
JetGetLogInfoInstance2
JetOpenDatabase
JetStopService
JetInit
JetGetCurrentIndex
JetDupCursor
JetDBUtilities
JetAttachDatabase
JetCreateDatabase2
JetResetTableSequential
JetFreeBuffer
JetCommitTransaction
JetTerm2

jscript

DllRegisterServer
DllCanUnloadNow
DllGetClassObject

Sections

.text
Size: 14KB - Virtual size: 13KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 245KB - Virtual size: 269KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 13KB - Virtual size: 24KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

913e409d02f20275af7ee12984334a9c

Headers

File Characteristics

Imports

ole32

kernel32

oleaut32

advapi32

user32

userenv

esent

jscript

Sections

.text Size: 14KB - Virtual size: 13KB

.data Size: 245KB - Virtual size: 269KB

.rdata Size: 3KB - Virtual size: 2KB

.rsrc Size: 13KB - Virtual size: 24KB

.text
Size: 14KB - Virtual size: 13KB

.data
Size: 245KB - Virtual size: 269KB

.rdata
Size: 3KB - Virtual size: 2KB

.rsrc
Size: 13KB - Virtual size: 24KB