e77982553bdee6d7dbbd7c1d4841b025_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

e77982553bdee6d7dbbd7c1d4841b025_JaffaCakes118
Size

449KB
MD5

e77982553bdee6d7dbbd7c1d4841b025
SHA1

fc8f53cf68c9ba5280565a4947005ccb290cc8fc
SHA256

b1154c9805ffb26ac22e98756b77f6f9aa7b15364ae76193bc0fd3bd1bb61ecc
SHA512

1a401031c60a44de84513681c5f9fb5e4b3ad41d6194aa045129b46115f4a23bfccbe4c9b41187e376962f557546eecfbd25c24e0afedf3d644eb0c3473f92e3
SSDEEP

12288:RGnDCPArhGiBCDj1N+RW/Bdv5j6pOj9hgBio9+753:RGxrhrBCDxpL5mQZyBC7

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
e77982553bdee6d7dbbd7c1d4841b025_JaffaCakes118

Files

e77982553bdee6d7dbbd7c1d4841b025_JaffaCakes118
.exe windows:4 windows x86 arch:x86

e3284bb51defbd8dbf54d5091f0a7816

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

rpcrt4

RpcBindingFromStringBindingW
NdrClientCall2
RpcStringFreeW
RpcSsDestroyClientContext
RpcStringBindingComposeW
I_RpcMapWin32Status
I_RpcExceptionFilter
RpcBindingFree

kernel32

GetProcAddress
FreeLibrary
SetEvent
GetCurrentThread
GetSystemTimeAsFileTime
CloseHandle
WaitForSingleObject
CreateThread
GetSystemInfo
CreateEventW
SetUnhandledExceptionFilter
VirtualFree
SetThreadPriority
GetCurrentProcess
LocalAlloc
SetLastError
InterlockedIncrement
GetCurrentThreadId
UnhandledExceptionFilter
GetComputerNameExW
TerminateProcess
InterlockedDecrement
GetLastError
VirtualAlloc
LoadLibraryA
GetCurrentProcessId
QueryPerformanceCounter
ResetEvent
GetTickCount
DelayLoadFailureHook
Beep
GetComputerNameW
LocalFree

advapi32

OpenProcessToken
CreateWellKnownSid
RegOpenKeyExW
RegQueryValueExA
RegSetValueExW
RegOpenKeyExA
ConvertSidToStringSidW
RegCreateKeyExW
RegEnumKeyW
OpenThreadToken
IsWellKnownSid
RegQueryValueExW
RegQueryInfoKeyW
RegCloseKey
QueryServiceStatus
EqualDomainSid
RegEnumKeyExW
RegEnumValueW
RegDeleteKeyW
GetLengthSid
GetTokenInformation

ntdll

RtlFreeUnicodeString
RtlMakeSelfRelativeSD
NtAllocateLocallyUniqueId
RtlEqualSid
RtlEnterCriticalSection
NtAllocateVirtualMemory
RtlCopyLuid
RtlValidSid
NtCreateSemaphore
DbgPrint
RtlSubAuthorityCountSid
RtlInitString
RtlSubAuthoritySid
NtQueryValueKey
RtlConvertSidToUnicodeString
NtOpenKey
NtQueryInformationToken
RtlCopySid
RtlInitUnicodeString
RtlLengthSid
RtlNtStatusToDosError
RtlLengthSecurityDescriptor
RtlDeleteCriticalSection
RtlGetNtProductType
RtlLeaveCriticalSection

msvcrt

_initterm
malloc
wcscpy
free
_except_handler3
memmove
_adjust_fdiv
wcsncmp
_wcsnicmp
wcscat
wcslen
wcsncpy

Sections

.text
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 9KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 426KB - Virtual size: 425KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 28B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 928KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

e3284bb51defbd8dbf54d5091f0a7816

Headers

File Characteristics

Imports

rpcrt4

kernel32

advapi32

ntdll

msvcrt

Sections

.text Size: 8KB - Virtual size: 8KB

.rdata Size: 9KB - Virtual size: 8KB

.rsrc Size: 426KB - Virtual size: 425KB

.reloc Size: 512B - Virtual size: 28B

.data Size: 4KB - Virtual size: 928KB

.text
Size: 8KB - Virtual size: 8KB

.rdata
Size: 9KB - Virtual size: 8KB

.rsrc
Size: 426KB - Virtual size: 425KB

.reloc
Size: 512B - Virtual size: 28B

.data
Size: 4KB - Virtual size: 928KB