f8bfa7a05aabc0b4ba2025c0c49bc787_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

f8bfa7a05aabc0b4ba2025c0c49bc787_JaffaCakes118
Size

32KB
MD5

f8bfa7a05aabc0b4ba2025c0c49bc787
SHA1

db751909f525dba162a2624ac50190e5a159c843
SHA256

ede83af64b5a3ddee4ba30d3bd7b321eee5fca0bc6137c087ec353f6a960eb1a
SHA512

0eb4c3c6b0e073281d3d2109f535e6bb7f6a757f68824bd1ef15f70017beeb0c094d26836a9f7cba3d2383ae5007491451be40e48095d2d58910c946bad229a4
SSDEEP

768:gh/F8kqZoKSBCgKJM0LQYtS6Z0QYT/Jq:U8/GnCgUNsWZ0Dq

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
f8bfa7a05aabc0b4ba2025c0c49bc787_JaffaCakes118

Files

f8bfa7a05aabc0b4ba2025c0c49bc787_JaffaCakes118
.exe windows:4 windows x86 arch:x86

6ef7bd97259dc16f51d9be557ecbb06b

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

mfc42

ord823
ord825

msvcrt

_stricmp
_strnicmp
memcpy
memmove
ceil
_ftol
strlen
__CxxFrameHandler
memset
strrchr
malloc
_iob
realloc
free
_controlfp
__set_app_type
__p__fmode
__p__commode
_adjust_fdiv
__setusermatherr
_initterm
__getmainargs
_acmdln
_XcptFilter
_exit
__p__pgmptr
sprintf
exit
atoi
strcat
strncat
strchr
strcpy
_except_handler3

kernel32

FreeLibrary
GetCurrentThreadId
InitializeCriticalSection
DeleteCriticalSection
VirtualFree
LeaveCriticalSection
EnterCriticalSection
VirtualAlloc
CreateEventA
CloseHandle
WaitForSingleObject
ResetEvent
SetEvent
InterlockedExchange
CancelIo
Sleep
WriteFile
SetFilePointer
CreateProcessA
GetStartupInfoA
lstrcatA
GetWindowsDirectoryA
GetLastError
GetCurrentProcess
Process32Next
LocalReAlloc
LocalSize
OpenProcess
lstrlenA
Process32First
LocalAlloc
CreateToolhelp32Snapshot
LocalFree
GetFileSize
CreateFileA
GetLocalTime
lstrcpyA
TerminateThread
ExitProcess
MoveFileExA
SetFileAttributesA
DeleteFileA
ReadFile
HeapAlloc
GetProcessHeap
VirtualProtect
GetProcAddress
LoadLibraryA
IsBadReadPtr
HeapFree
RaiseException
GetModuleHandleA
GlobalMemoryStatus
GetSystemInfo
GetVersionExA
FindClose
FindFirstFileA
GetModuleFileNameA
OpenEventA
GetTickCount
CreateThread
SetErrorMode
CreateMutexA
SetThreadPriority
GetCurrentThread
SetPriorityClass
GetEnvironmentVariableA
GetShortPathNameA
MultiByteToWideChar
DefineDosDeviceA
GetFileAttributesA

user32

GetProcessWindowStation
OpenWindowStationA
SetProcessWindowStation
CloseDesktop
GetAsyncKeyState
GetForegroundWindow
GetWindowTextA
SetThreadDesktop
OpenInputDesktop
GetUserObjectInformationA
OpenDesktopA
GetThreadDesktop
GetKeyState
wsprintfA
ExitWindowsEx

advapi32

CreateServiceA
LockServiceDatabase
ChangeServiceConfig2A
UnlockServiceDatabase
StartServiceA
CloseServiceHandle
StartServiceCtrlDispatcherA
RegisterServiceCtrlHandlerA
SetServiceStatus
RegDeleteValueA
RegCreateKeyExA
RegSetValueExA
RegEnumKeyExA
RegQueryValueExA
RegOpenKeyExA
CloseEventLog
OpenSCManagerA
OpenServiceA
DeleteService
RegOpenKeyA
RegDeleteKeyA
RegCloseKey
OpenProcessToken
LookupPrivilegeValueA
AdjustTokenPrivileges
OpenEventLogA
ClearEventLogA

shell32

SHChangeNotify
SHGetSpecialFolderPathA
ShellExecuteA
ShellExecuteExA

oleaut32

SysFreeString

Sections

.text
Size: 20KB - Virtual size: 20KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

6ef7bd97259dc16f51d9be557ecbb06b

Headers

File Characteristics

Imports

mfc42

msvcrt

kernel32

user32

advapi32

shell32

oleaut32

Sections

.text Size: 20KB - Virtual size: 20KB

.rdata Size: 6KB - Virtual size: 6KB

.data Size: 4KB - Virtual size: 7KB

.text
Size: 20KB - Virtual size: 20KB

.rdata
Size: 6KB - Virtual size: 6KB

.data
Size: 4KB - Virtual size: 7KB