JaffaCakes118_e870f9859696cfb3c08f5e6056294c51

Sharing

Copy URL

Twitter E-mail

General

Target

JaffaCakes118_e870f9859696cfb3c08f5e6056294c51
Size

281KB
MD5

e870f9859696cfb3c08f5e6056294c51
SHA1

7aa20d3def79bc0059f79bbc25d993d0c18ab76c
SHA256

a2c7a5cf782676bccb571ec38459cd15247b3752fb3d1784c49aa0f65926db1e
SHA512

a07aa85e04692ce73b20582db54aadc1a02aa82a78ff4249584261509029640490a7c29dd27f00b032999c984bfe0d66ade9027e9eacf76830ad0c5c09b7c627
SSDEEP

6144:aDOPvkeTkeieZXbMnb0F648hXVu7ryf1s4eb+4fMm/B4A:aNlHelwb0F648NVz/4fMmOA

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
JaffaCakes118_e870f9859696cfb3c08f5e6056294c51

Files

JaffaCakes118_e870f9859696cfb3c08f5e6056294c51
.exe windows:5 windows x86 arch:x86

841a2bef1748d676d34bf1c208f32ad1

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

ole32

StringFromGUID2

rpcrt4

UuidCreate

advapi32

SetSecurityDescriptorDacl
RegSetValueExW
RegOpenKeyExW
RegDeleteValueW
RegCreateKeyExW
RegQueryInfoKeyW
RegCloseKey
RegDeleteKeyW
RegQueryValueExW
InitializeSecurityDescriptor

ws2_32

WSCInstallProvider
WSACleanup
WSCGetProviderPath
WSCWriteProviderOrder
WSAStartup
WSCDeinstallProvider
WSCEnumProtocols

kernel32

WideCharToMultiByte
GetSystemTimeAsFileTime
UnhandledExceptionFilter
HeapReAlloc
ReadFile
EnumSystemLocalesA
GetSystemDirectoryA
HeapDestroy
CloseHandle
HeapFree
GetModuleHandleA
SystemTimeToTzSpecificLocalTime
GetOEMCP
SetEndOfFile
GetConsoleOutputCP
VirtualAlloc
WriteFile
SetUnhandledExceptionFilter
GetCommandLineA
SetStdHandle
TlsGetValue
CreateFileA
InitializeCriticalSectionAndSpinCount
FlushFileBuffers
GetStdHandle
SetLastError
GetModuleHandleW
VirtualFree
SetHandleCount
GetConsoleCP
IsValidCodePage
WriteConsoleW
GetFileType
SetFilePointer
FreeEnvironmentStringsW
GetTimeFormatA
EnterCriticalSection
WriteConsoleA
HeapAlloc
TlsSetValue
GetUserDefaultLCID
LeaveCriticalSection
RtlUnwind
LCMapStringA
RaiseException
GetTempPathA
GetSystemTime
ExpandEnvironmentStringsA
GetACP
TlsFree
FreeEnvironmentStringsA
HeapSize
GetConsoleMode
SystemTimeToFileTime
FreeLibrary
IsDebuggerPresent
LCMapStringW
IsValidLocale
GetProcessHeap
TlsAlloc
FileTimeToSystemTime
GetCurrentThreadId
DeleteCriticalSection
VirtualAllocEx

esent

JetCreateIndex
JetGetLS
JetSetColumnDefaultValue
JetDelete
JetInit2
JetDupCursor
JetCreateDatabase2
JetGetDatabaseFileInfo
JetOSSnapshotFreeze
JetCloseFileInstance
JetGetTableColumnInfo
JetBackupInstance
JetTerm
JetGetInstanceInfo
JetCloseDatabase
JetPrepareToCommitTransaction
JetUpgradeDatabase
JetOSSnapshotThaw
JetGetSecondaryIndexBookmark
JetRestore

compstui

GetCPSUIUserData
CommonPropertySheetUIW
SetCPSUIUserData

Sections

.text
Size: 22KB - Virtual size: 22KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 249KB - Virtual size: 936KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

841a2bef1748d676d34bf1c208f32ad1

Headers

File Characteristics

Imports

ole32

rpcrt4

advapi32

ws2_32

kernel32

esent

compstui

Sections

.text Size: 22KB - Virtual size: 22KB

.rdata Size: 3KB - Virtual size: 3KB

.data Size: 249KB - Virtual size: 936KB

.rsrc Size: 5KB - Virtual size: 5KB

.text
Size: 22KB - Virtual size: 22KB

.rdata
Size: 3KB - Virtual size: 3KB

.data
Size: 249KB - Virtual size: 936KB

.rsrc
Size: 5KB - Virtual size: 5KB