JaffaCakes118_79d9b1f1ba9fd094c5be826bf74ae72f

Sharing

Copy URL

Twitter E-mail

General

Target

JaffaCakes118_79d9b1f1ba9fd094c5be826bf74ae72f
Size

268KB
MD5

79d9b1f1ba9fd094c5be826bf74ae72f
SHA1

e5258c0fe2c2304d302c6009f218b6ffd60b4832
SHA256

dfc403bbd5b4664ed8214ad9b51ed5a184a5485022623ba12b6faf0dd8a1a023
SHA512

fa50ba2cdd7dd3939f337fcdc4aa4c98c481394e5fd596cda5b34ec87d336d6a07f47950f92fc2786451e8e1ff29cdece677a29d62338906d0ea92672fba5f56
SSDEEP

6144:MqQUFpbn2CkudG+zpMaS75RobQvmvD6EBryQ:eC91jMRl4eqGUr/

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
JaffaCakes118_79d9b1f1ba9fd094c5be826bf74ae72f

Files

JaffaCakes118_79d9b1f1ba9fd094c5be826bf74ae72f
.exe windows:4 windows x86 arch:x86

ea9d223a679e37c7e6ec6439ed91beb7

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

ole32

CoCreateInstance
StringFromGUID2
CoTaskMemRealloc
CoTaskMemAlloc
CoTaskMemFree
PropVariantClear
CoCreateGuid

user32

CharNextW
CharLowerW
CharUpperW

oleaut32

SysFreeString
VarUI4FromStr
VariantCopy
VariantClear
SysAllocString

kernel32

FreeLibrary
HeapAlloc
FindNextFileW
VirtualFree
LocalFree
SizeofResource
FindResourceExW
DisableThreadLibraryCalls
HeapFree
lstrlenW
MoveFileExW
LockResource
RemoveDirectoryW
WideCharToMultiByte
FindClose
EnterCriticalSection
GetTempPathW
IsDebuggerPresent
RaiseException
GetLocalTime
CreateEventW
GetSystemInfo
lstrcmpiW
WriteFile
WaitForMultipleObjects
WaitForSingleObject
VirtualAlloc
SetUnhandledExceptionFilter
GetCurrentThreadId
SetFileTime
HeapDestroy
GetFileSize
GetTempFileNameW
ReleaseSemaphore
CloseHandle
DeleteFileW
OutputDebugStringW
GetSystemDefaultLangID
CreateSemaphoreW
GlobalFree
LoadLibraryExW
FindFirstFileW
SetFileAttributesW
FindResourceW
LoadResource
DeleteCriticalSection
UnhandledExceptionFilter
ReadFile
LeaveCriticalSection
LocalAlloc
GetProcessHeap
SetLastError
HeapSize
GetSystemTimeAsFileTime
CopyFileW
ResetEvent
CreateFileW
HeapReAlloc
GetModuleHandleW
SetErrorMode
VirtualAllocEx
IsBadWritePtr

userenv

GetAllUsersProfileDirectoryW
GetNextFgPolicyRefreshInfo
RsopFileAccessCheck
GetDefaultUserProfileDirectoryW

shimeng

SE_DllLoaded
SE_DllUnloaded
SE_IsShimDll
SE_InstallAfterInit
SE_DynamicShim
SE_InstallBeforeInit

Sections

.text
Size: 222KB - Virtual size: 222KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.BNrmO
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.JlqeFRu
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 2KB - Virtual size: 21KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.jqpooJu
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.GlaqYZu
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.KRCdnZu
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 9KB - Virtual size: 67KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.NAdlctO
Size: 1024B - Virtual size: 693B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.HPgJ
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.bluLPtO
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.SmsFPtO
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

ea9d223a679e37c7e6ec6439ed91beb7

Headers

DLL Characteristics

File Characteristics

Imports

ole32

user32

oleaut32

kernel32

userenv

shimeng

Sections

.text Size: 222KB - Virtual size: 222KB

.BNrmO Size: 3KB - Virtual size: 3KB

.JlqeFRu Size: 4KB - Virtual size: 3KB

.rdata Size: 2KB - Virtual size: 21KB

.jqpooJu Size: 4KB - Virtual size: 4KB

.GlaqYZu Size: 4KB - Virtual size: 4KB

.KRCdnZu Size: 1KB - Virtual size: 1KB

.data Size: 9KB - Virtual size: 67KB

.NAdlctO Size: 1024B - Virtual size: 693B

.rsrc Size: 3KB - Virtual size: 2KB

.HPgJ Size: 5KB - Virtual size: 4KB

.bluLPtO Size: 3KB - Virtual size: 2KB

.SmsFPtO Size: 3KB - Virtual size: 3KB

.text
Size: 222KB - Virtual size: 222KB

.BNrmO
Size: 3KB - Virtual size: 3KB

.JlqeFRu
Size: 4KB - Virtual size: 3KB

.rdata
Size: 2KB - Virtual size: 21KB

.jqpooJu
Size: 4KB - Virtual size: 4KB

.GlaqYZu
Size: 4KB - Virtual size: 4KB

.KRCdnZu
Size: 1KB - Virtual size: 1KB

.data
Size: 9KB - Virtual size: 67KB

.NAdlctO
Size: 1024B - Virtual size: 693B

.rsrc
Size: 3KB - Virtual size: 2KB

.HPgJ
Size: 5KB - Virtual size: 4KB

.bluLPtO
Size: 3KB - Virtual size: 2KB

.SmsFPtO
Size: 3KB - Virtual size: 3KB