ff4ef92ca7d341f8567e9d25253903cd_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

ff4ef92ca7d341f8567e9d25253903cd_JaffaCakes118
Size

413KB
MD5

ff4ef92ca7d341f8567e9d25253903cd
SHA1

44d9f4fe38051ad96f3f43420adce3eb31abdfa2
SHA256

3d808ce5af99f654363684805463e6aae1466e38a276cae191adca5dd5c14894
SHA512

aa18c742059824de7d061f27c96efc6db8897d7f94b8232ef264f7cd357158e634bc4b6d19a9796bc368db4b5972fbba22c92cf014015684f10984914c0743ad
SSDEEP

6144:lLnsRoovfZFAgTXUckOqeOY5xu6IuqAlcs1wpISHvWumZj8pB6Uim4pt:Zn8oOfZug7Oxixu6Irj1vWuZBfyt

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
ff4ef92ca7d341f8567e9d25253903cd_JaffaCakes118

Files

ff4ef92ca7d341f8567e9d25253903cd_JaffaCakes118
.dll windows:4 windows x86 arch:x86

f1ff158e57e575b0cd5449a1ca06189a

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

advapi32

ChangeServiceConfigA
RegEnumKeyA
RegOpenKeyW
CloseServiceHandle
RegCloseKey
QueryServiceStatus
RegQueryValueExW
StartServiceA
RegOpenKeyA
OpenServiceA
OpenSCManagerA
RegOpenKeyExA
RegQueryValueExA
RegSetValueExA

ole32

CoInitializeEx
CoUninitialize
CoCreateInstance

setupapi

SetupCloseInfFile
SetupOpenMasterInf
SetupDiOpenDevRegKey
SetupDiCreateDeviceInfoList
SetupDiSetClassInstallParamsA
SetupDiEnumDeviceInfo
SetupDiGetDeviceInstanceIdW
SetupGetSourceFileLocationA
SetupDiDestroyDeviceInfoList
SetupDiGetClassDevsW
SetupPromptForDiskA
SetupGetSourceInfoA
SetupDiCallClassInstaller

kernel32

lstrcmpA
GetProcessHeap
GetTempPathW
MultiByteToWideChar
lstrlenW
GetTempFileNameW
LCMapStringW
GetModuleHandleA
WideCharToMultiByte
GlobalAlloc
LoadLibraryA
HeapAlloc
GetStringTypeW
LoadLibraryW
GetTickCount
GetSystemInfo
HeapFree
GetLocaleInfoA
GetShortPathNameW
FreeLibrary
CreateDirectoryW
GetCPInfo
lstrcmpiW
CloseHandle
lstrcpyA
VirtualAlloc
DeleteFileW
GetVersionExA
GetLastError
lstrcmpiA
GetProcAddress
lstrlenA
LCMapStringA
HeapReAlloc
GlobalFree
VirtualFree
GetStringTypeA
WriteFile
ExitProcess
Sleep
VirtualProtect
FormatMessageA

tapi32

lineGetID
lineInitializeExW
lineClose
lineShutdown
lineNegotiateAPIVersion
lineGetDevCapsW
lineOpen

ntdll

NtCreateDebugObject
NtAllocateVirtualMemory
RtlUshortByteSwap

user32

wsprintfA

Sections

.text
Size: 7KB - Virtual size: 7KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 16KB - Virtual size: 928KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 383KB - Virtual size: 383KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 24B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

f1ff158e57e575b0cd5449a1ca06189a

Headers

File Characteristics

Imports

advapi32

ole32

setupapi

kernel32

tapi32

ntdll

user32

Sections

.text Size: 7KB - Virtual size: 7KB

.data Size: 16KB - Virtual size: 928KB

.rdata Size: 4KB - Virtual size: 4KB

.rsrc Size: 383KB - Virtual size: 383KB

.reloc Size: 512B - Virtual size: 24B

.text
Size: 7KB - Virtual size: 7KB

.data
Size: 16KB - Virtual size: 928KB

.rdata
Size: 4KB - Virtual size: 4KB

.rsrc
Size: 383KB - Virtual size: 383KB

.reloc
Size: 512B - Virtual size: 24B