fcd901b0c5066ef084ac70a95b7e104e_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

fcd901b0c5066ef084ac70a95b7e104e_JaffaCakes118
Size

356KB
MD5

fcd901b0c5066ef084ac70a95b7e104e
SHA1

d6d61571ae175564501bfc5548120936b39a1f18
SHA256

b34386bcb07350f0a8ef13824555314635156ea4c89ccd8463cb2ffefa8901f2
SHA512

f92c06ad9a6576520018f2f4f13e6106345ebe2c9a6abb0e0d49ccd4837527030b823fc0c40882096a41faf7d92cc389a684c8f07e4da74a8780bd73b11754e2
SSDEEP

6144:US5cLKGt4vobsCJtivQXN5CF19QcGpMb24VZEPDItBk5FjuUU1:UG9GFYqjCFYcUg2IZEPctBwFjuU2

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
fcd901b0c5066ef084ac70a95b7e104e_JaffaCakes118

Files

fcd901b0c5066ef084ac70a95b7e104e_JaffaCakes118
.exe windows:4 windows x86 arch:x86

80cd48f017fae5db9fce5ef465202819

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

lstrlenA
SizeofResource
LoadResource
FindResourceW
LoadLibraryExW
LocalFree
LocalAlloc
CloseHandle
GetCurrentThread
GetCurrentProcess
GetSystemTimeAsFileTime
GetFileAttributesExW
DeleteFileW
lstrcatW
GetVersionExW
WriteConsoleW
GetFileType
GetStdHandle
FindVolumeClose
FindNextVolumeW
CreateFileW
FindFirstVolumeW
DeviceIoControl
InterlockedExchange
GetModuleHandleA
LoadLibraryW
GetProcAddress
FreeLibrary
GetModuleFileNameW
lstrcpynW
lstrcmpiW
InterlockedDecrement
InterlockedIncrement
DeleteCriticalSection
InitializeCriticalSection
LeaveCriticalSection
GlobalAlloc
EnterCriticalSection
GetLastError
lstrcpyW
lstrlenW
VirtualAlloc
TerminateProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GlobalFree
VirtualProtect
GetCommandLineA
GetModuleHandleW
GetStartupInfoA

user32

CharNextW
LoadStringW
CharPrevW

advapi32

GetTokenInformation
RegDeleteKeyW
RegDeleteValueW
RegCloseKey
RegOpenKeyExW
RegSetValueExW
ConvertSidToStringSidW
LsaFreeMemory
LsaClose
LsaQueryInformationPolicy
LsaNtStatusToWinError
OpenThreadToken
SetSecurityDescriptorOwner
SetSecurityDescriptorDacl
InitializeSecurityDescriptor
AddAccessAllowedAce
InitializeAcl
DuplicateTokenEx
OpenProcessToken
RegQueryValueExW
RegConnectRegistryW
RegCreateKeyExW
AdjustTokenPrivileges

ole32

CoTaskMemFree
CoTaskMemAlloc

rpcrt4

UuidToStringW
UuidCreate
RpcStringFreeW

msvcr71

_controlfp
_onexit
__dllonexit
__set_app_type
__p__fmode
__p__commode
_adjust_fdiv
__setusermatherr
_except_handler3
iswspace
wcsncat
wcscat
wcscpy
_wcsicmp
wcscmp
wcslen
realloc
free
malloc
_initterm
_amsg_exit
_vsnwprintf
memset
_wtoi
vfwprintf
exit
_wcsupr
_iob
_c_exit
_exit
_XcptFilter
_ismbblead
_cexit
_acmdln
__getmainargs

Sections

.text
Size: 340KB - Virtual size: 337KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 306KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

80cd48f017fae5db9fce5ef465202819

Headers

File Characteristics

Imports

kernel32

user32

advapi32

ole32

rpcrt4

msvcr71

Sections

.text Size: 340KB - Virtual size: 337KB

.rdata Size: 4KB - Virtual size: 3KB

.data Size: 4KB - Virtual size: 306KB

.rsrc Size: 4KB - Virtual size: 2KB

.text
Size: 340KB - Virtual size: 337KB

.rdata
Size: 4KB - Virtual size: 3KB

.data
Size: 4KB - Virtual size: 306KB

.rsrc
Size: 4KB - Virtual size: 2KB