Static task: static1
Behavioral task: behavioral1 (Sample: JaffaCakes118_8f4922d54e2d08b1f737dee526248b19.exe, Resource: win7-20240903-en)
Behavioral task: behavioral2 (Sample: JaffaCakes118_8f4922d54e2d08b1f737dee526248b19.exe, Resource: win10v2004-20250313-en)
General
Target: JaffaCakes118_8f4922d54e2d08b1f737dee526248b19
Size: 54KB
MD5: 8f4922d54e2d08b1f737dee526248b19
SHA1: ba1501e3043a486065bde37338d931423a2616a9
SHA256: bccea7546fd54e169749733221e39c4caffeae06892c9660ac2e767434c33af0
SHA512: 804241d14ab72274d64fe6cae33451be2f0e64f20376afc18cd5be96cd7257fd51fddd40c74f0e832e8bbc0717d5acc73b6e302db062b3585122408b5aeda1a9
SSDEEP: 768:uUFczzfKcmiqDvNYiHm71VEiBMOlvMU+944qvu6nIq704GVOyzu1kWIOhsxJhfGg:lffQ1V5PvMU+944qvuGAsMuJS/F
Malware Config
Signatures
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource JaffaCakes118_8f4922d54e2d08b1f737dee526248b19
Files
JaffaCakes118_8f4922d54e2d08b1f737dee526248b19.exe windows:4 windows x86 arch:x86
865b691b197e4ebc6f609724d51085ca
Headers
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
Imports
psbase
SPDeleteType
SPCloseItem
SPDeleteSubtype
FPasswordChangeNotify
SPGetProvParam
SPCreateType
SPEnumTypes
SPDeleteItem
SPProviderInitialize
SPOpenItem
SPReadItem
SPGetProvInfo
SPWriteItem
SPGetSubtypeInfo
SPReleaseContext
SPEnumItems
SPSetProvParam
SPAcquireContext
SPGetTypeInfo
SPEnumSubtypes
SPCreateSubtype
kernel32
GetExpandedNameA
lstrcmpA
GetLocaleInfoW
GetHandleContext
GlobalDeleteAtom
GetCurrentProcess
Process32FirstW
WritePrivateProfileStringA
VirtualAlloc
GenerateConsoleCtrlEvent
GlobalFindAtomA
LoadLibraryA
GetCurrentProcessId
GetDiskFreeSpaceExW
GetSystemDefaultLCID
CancelDeviceWakeupRequest
SetConsoleNumberOfCommandsW
WritePrivateProfileStructW
ExitProcess
FlushFileBuffers
FreeConsole
oleaut32
VarI8FromBool
OleCreatePropertyFrameIndirect
CreateDispTypeInfo
CreateStdDispatch
VarUI2FromR8
VarDecFromCy
VarMul
VarUI8FromR8
VarDateFromI2
SafeArrayCreate
VarFormatNumber
VarR8FromUI8
SafeArrayDestroyDescriptor
VarI2FromUI4
VarDecFromStr
VarUI4FromBool
VarUI8FromUI2
VarI2FromDate
VarI2FromI4
crtdll
fwprintf
_strspnp
wcstombs
_splitpath
cos
_dup2
memmove
vwprintf
_eof
_strcmpi
wcscspn
_mbsrev
_beep
_putenv
_mbscpy
wscanf
wcslen
_ismbcprint
_snprintf
_lsearch
_ismbbkalnum
_itow
_mbctype
_mbsnbcnt
ntmarta
AccProvGetTrusteesAccess
AccProvGetCapabilities
AccProvSetAccessRights
AccSetEntriesInAList
AccConvertAccessToSecurityDescriptor
AccProvHandleSetAccessRights
AccRewriteGetNamedRights
AccProvRevokeAuditRights
AccProvGetAccessInfoPerObjectType
AccProvHandleRevokeAuditRights
AccTreeResetNamedSecurityInfo
AccProvGrantAccessRights
AccProvIsObjectAccessible
AccRewriteSetNamedRights
AccGetAccessForTrustee
AccLookupAccountTrustee
AccConvertSDToAccess
AccProvGetOperationResults
ntdll
RtlSetControlSecurityDescriptor
RtlCaptureContext
_alldiv
ZwQueryVirtualMemory
NtSetThreadExecutionState
ZwQueryInformationToken
ZwSetContextThread
NtRenameKey
RtlGetProcessHeaps
RtlSecondsSince1980ToTime
_aullrem
VerSetConditionMask
ZwDuplicateToken
RtlUpcaseUnicodeStringToOemString
RtlActivateActivationContextUnsafeFast
memcmp
RtlDeleteTimerQueue
Sections
.text Size: 23KB - Virtual size: 23KB
  IMAGE_SCN_CNT_CODE
  IMAGE_SCN_MEM_EXECUTE
  IMAGE_SCN_MEM_READ
.rdata Size: 3KB - Virtual size: 3KB
  IMAGE_SCN_CNT_INITIALIZED_DATA
  IMAGE_SCN_MEM_READ
.data Size: 24KB - Virtual size: 67KB
  IMAGE_SCN_CNT_INITIALIZED_DATA
  IMAGE_SCN_MEM_READ
  IMAGE_SCN_MEM_WRITE
.rsrc Size: 1KB - Virtual size: 1KB
  IMAGE_SCN_CNT_INITIALIZED_DATA
  IMAGE_SCN_MEM_READ