f020b065c4d2297c2da06e1b5beef289_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

f020b065c4d2297c2da06e1b5beef289_JaffaCakes118
Size

29KB
MD5

f020b065c4d2297c2da06e1b5beef289
SHA1

74a773fe22c3c1d9e253efa6bee522248172d4bf
SHA256

75fde672575fe32102498a58d3fa3b28755063dfec57123231c2ff57bbd913e8
SHA512

46de8500c921de8a3d55705c87c9071cb571971472024b75903ae13b80bc124e82bff951e045b990e2634b97e4999ab41a9afca70cf3ae955d93733bb9eb547e
SSDEEP

768:0D6SWWVcssfQA5bGHexP25n5T5V+6NAd:0GSWHsZAoHgP25n5T5VJNI

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
f020b065c4d2297c2da06e1b5beef289_JaffaCakes118

Files

f020b065c4d2297c2da06e1b5beef289_JaffaCakes118
.exe windows:4 windows x86 arch:x86

9a6573a12a17f8f6eec1a144c1566ecc

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Imports

advapi32

RegEnumValueW
GetTokenInformation
RegSetValueExA
AllocateAndInitializeSid
FreeSid
InitializeSecurityDescriptor
RegDeleteValueA
RegCreateKeyExA
RegDeleteKeyA
RegCreateKeyExW
RegDeleteKeyW
OpenThreadToken
RegQueryValueExW
RegSetValueExW
RegQueryInfoKeyW
RegEnumKeyExW
RegEnumKeyExA
CloseServiceHandle
RegDeleteValueW
RegOpenKeyExA
OpenProcessToken
RegQueryValueExA
RegCloseKey
RegOpenKeyExW

olecli32

OleRevertClientDoc
OleGetLinkUpdateOptions
PbLoadFromStream
GenQueryBounds
DibSaveToStream
ErrSetData
OleUnlockServer
LeRelease
MfQueryBounds
OleSavedClientDoc
PbCreateLinkFromClip
CheckNetDrive
LeChangeData
DefLoadFromStream
LeEqual

oleacc

DllCanUnloadNow
CreateStdAccessibleProxyA
AccessibleObjectFromEvent
GetRoleTextA
AccessibleObjectFromPoint
IID_IAccessible
ObjectFromLresult
AccessibleChildren
IID_IAccessibleHandler
LresultFromObject
GetStateTextW
CreateStdAccessibleObject
LIBID_Accessibility
DllUnregisterServer
WindowFromAccessibleObject
CreateStdAccessibleProxyW
AccessibleObjectFromWindow
DllGetClassObject
GetOleaccVersionInfo
GetRoleTextW
GetStateTextA

gdi32

SelectObject
ExtTextOutA
BitBlt
SelectClipRgn
SetBkColor
GetTextExtentPointA
RestoreDC
DeleteDC
CreateDIBitmap
CreateCompatibleDC
GetStockObject
CreateRectRgn
SaveDC
CreateFontIndirectA
SelectPalette
MoveToEx
GetSystemPaletteEntries
GetTextMetricsA
GetDeviceCaps
CreateSolidBrush
RealizePalette
CreatePen
GetObjectA
CreatePalette
LineTo
SetTextColor

kernel32

CopyFileW
SetThreadPriority
WriteConsoleW
DeviceIoControl
OpenProcess
GetExitCodeProcess
GetTempPathA
FileTimeToLocalFileTime
ReleaseSemaphore
RemoveDirectoryW
GetFullPathNameW
GetComputerNameW
VirtualAlloc
CreateMutexW
LoadLibraryExA
CreateMutexA
ExpandEnvironmentStringsA
CreateDirectoryA
FindNextFileA

Sections

.textbss
Size: - Virtual size: 48KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 14KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.idata
Size: 9KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.debug
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.text
Size: 1024B - Virtual size: 639B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

9a6573a12a17f8f6eec1a144c1566ecc

Headers

File Characteristics

Imports

advapi32

olecli32

oleacc

gdi32

kernel32

Sections

.textbss Size: - Virtual size: 48KB

.data Size: 2KB - Virtual size: 1KB

.rsrc Size: 14KB - Virtual size: 14KB

.idata Size: 9KB - Virtual size: 8KB

.debug Size: 1KB - Virtual size: 1KB

.text Size: 1024B - Virtual size: 639B

.textbss
Size: - Virtual size: 48KB

.data
Size: 2KB - Virtual size: 1KB

.rsrc
Size: 14KB - Virtual size: 14KB

.idata
Size: 9KB - Virtual size: 8KB

.debug
Size: 1KB - Virtual size: 1KB

.text
Size: 1024B - Virtual size: 639B