59fb67ea0ea32f96acc3b0487f3fa0b7_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

59fb67ea0ea32f96acc3b0487f3fa0b7_JaffaCakes118
Size

345KB
MD5

59fb67ea0ea32f96acc3b0487f3fa0b7
SHA1

b58cceda89db13e73dc7a7b8d11bc5cc53359094
SHA256

e042a76361ec86ae101e9c338fb6165945a9550febf6eaebe6d40ccdee6a146e
SHA512

dc5b34422ad1ac73c475bda56fabc991b82db799df6024f7009fbd4e89c731d33bfd8c49900136f9c41d091b70fe5addebed62fda265b708291a05dd8c467128
SSDEEP

6144:pQUfThSSa/BpPEsOPDXBD/TlfGtk3wfCGovFpOmx+M59OTU4Q+IH/AXYO0Ip+u5F:O6FIBpPxuXBXREk3wfCGqwW+8O44gfA7

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

Processes:

resource
59fb67ea0ea32f96acc3b0487f3fa0b7_JaffaCakes118

Files

59fb67ea0ea32f96acc3b0487f3fa0b7_JaffaCakes118
.exe windows:4 windows x86 arch:x86

3bba430660306eb61981bcfafd61df0d

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED

Imports

advapi32

RegOpenKeyW
RegEnumKeyExW
RegCreateKeyExW
RegCloseKey
RegOpenCurrentUser
RegQueryValueExW
RegOpenKeyExW
DuplicateEncryptionInfoFile
RegDeleteKeyW
RegSetValueExW
SystemFunction003

ntdll

NtPowerInformation
NtInitiatePowerAction
RtlLookupElementGenericTable
wcsspn
RtlUnwind

kernel32

SetUnhandledExceptionFilter
SetLastError
LocalAlloc
lstrlenW
GetCurrentProcessId
GetCurrentThread
InterlockedCompareExchange
GetProcAddress
ReleaseSemaphore
CreateSemaphoreW
GetSystemTimeAsFileTime
GetTickCount
GetModuleHandleA
GetCurrentThreadId
CloseHandle
OutputDebugStringA
GetCurrentProcess
WaitForSingleObject
LocalFree
LoadLibraryA
GetLastError
OpenSemaphoreW
ExitProcess
DisableThreadLibraryCalls
QueryPerformanceCounter

user32

wvsprintfA
CheckMenuItem
EqualRect
wsprintfW

msvcrt

_initterm
free
_adjust_fdiv
malloc

Sections

.text
Size: 69KB - Virtual size: 72KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.DATA
Size: 157KB - Virtual size: 156KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 105KB - Virtual size: 105KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ

.bss
Size: - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.crt
Size: 512B - Virtual size: 54B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 32B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 10KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

3bba430660306eb61981bcfafd61df0d

Headers

File Characteristics

Imports

advapi32

ntdll

kernel32

user32

msvcrt

Sections

.text Size: 69KB - Virtual size: 72KB

.DATA Size: 157KB - Virtual size: 156KB

.rdata Size: 105KB - Virtual size: 105KB

.bss Size: - Virtual size: 12KB

.idata Size: 1KB - Virtual size: 1KB

.crt Size: 512B - Virtual size: 54B

.tls Size: 512B - Virtual size: 32B

.rsrc Size: 10KB - Virtual size: 9KB

.text
Size: 69KB - Virtual size: 72KB

.DATA
Size: 157KB - Virtual size: 156KB

.rdata
Size: 105KB - Virtual size: 105KB

.bss
Size: - Virtual size: 12KB

.idata
Size: 1KB - Virtual size: 1KB

.crt
Size: 512B - Virtual size: 54B

.tls
Size: 512B - Virtual size: 32B

.rsrc
Size: 10KB - Virtual size: 9KB