08d947b5e9e986ad26c200455d562c9a_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

08d947b5e9e986ad26c200455d562c9a_JaffaCakes118
Size

352KB
MD5

08d947b5e9e986ad26c200455d562c9a
SHA1

48de3924cda37e4dbd40b974ad891bfedc6ee403
SHA256

c60865126e7a90a26447021a2eaa30d20da6971784ee08e22b3daced2110912f
SHA512

24eff8f670104820d8ff1810c73f8b7bea8b092b220583df9337e2cae01c9effd64948e575945be7bc8c3afc8fa4fb8233c9132252189cd45ff19ce7e719bf3b
SSDEEP

6144:bUdAwx4apxhBjpgzMU7vWAzA0sSUE4qYD7H7H+U5ScKLZS15ARjUdwOqe:bCAwF3pgvDWAz2A4q2H7HDSceS15A5e

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

Processes:

resource
08d947b5e9e986ad26c200455d562c9a_JaffaCakes118

Files

08d947b5e9e986ad26c200455d562c9a_JaffaCakes118
.exe windows:4 windows x86 arch:x86

49340b04115c18f2f0b4ebb1b7f745a2

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED

Imports

advapi32

LsaQuerySecret
RegSetValueExW
RegCloseKey
RegDeleteKeyW
RegOpenCurrentUser
RegCreateKeyExW
RegOpenKeyExW
RegEnumKeyExW
RegQueryValueExW

msvcrt

_initterm
ferror
_adjust_fdiv
malloc
free

user32

wvsprintfA
GetInputDesktop
wsprintfW

ntdll

NtInitiatePowerAction
NtPowerInformation
RtlUpperChar

kernel32

GetProcAddress
LocalAlloc
LocalFree
SetUnhandledExceptionFilter
CloseHandle
LoadLibraryA
GetSystemTimeAsFileTime
OpenSemaphoreW
lstrlenW
WaitForSingleObject
SetLastError
InterlockedCompareExchange
DisableThreadLibraryCalls
GetCurrentProcess
GetCurrentThreadId
GetCurrentThread
QueryPerformanceCounter
GetConsoleCursorInfo
GetTickCount
CreateSemaphoreW
ReleaseSemaphore
GetLastError
OutputDebugStringA
GetCurrentProcessId
ExitProcess
GetModuleHandleA

Sections

.text
Size: 72KB - Virtual size: 72KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 146KB - Virtual size: 145KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 118KB - Virtual size: 117KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ

.bss
Size: - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.crt
Size: 512B - Virtual size: 54B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 32B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 12KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

49340b04115c18f2f0b4ebb1b7f745a2

Headers

File Characteristics

Imports

advapi32

msvcrt

user32

ntdll

kernel32

Sections

.text Size: 72KB - Virtual size: 72KB

.data Size: 146KB - Virtual size: 145KB

.rdata Size: 118KB - Virtual size: 117KB

.bss Size: - Virtual size: 12KB

.idata Size: 1KB - Virtual size: 1KB

.crt Size: 512B - Virtual size: 54B

.tls Size: 512B - Virtual size: 32B

.rsrc Size: 12KB - Virtual size: 11KB

.text
Size: 72KB - Virtual size: 72KB

.data
Size: 146KB - Virtual size: 145KB

.rdata
Size: 118KB - Virtual size: 117KB

.bss
Size: - Virtual size: 12KB

.idata
Size: 1KB - Virtual size: 1KB

.crt
Size: 512B - Virtual size: 54B

.tls
Size: 512B - Virtual size: 32B

.rsrc
Size: 12KB - Virtual size: 11KB