9bc36a897b62e142966a16acda3519f7_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

9bc36a897b62e142966a16acda3519f7_JaffaCakes118
Size

933KB
MD5

9bc36a897b62e142966a16acda3519f7
SHA1

e929bb1c467866ea6db53647e4ba2088717e50de
SHA256

0ace04c296f52a013b30aede478d23532b83bcaa642a775d469fed57db1831c1
SHA512

ab60437c10d9d69163f04431c8c67da6814463f7c61ddd0b9cfaebc584f7fe6a79e954d0162a8d2adfca9ed1c7490f7ab5c6cd44e7181c6685cfeb28ea677493
SSDEEP

12288:EaWSrf08i+/ZhpoMgz+B/WFquxnCTEB/RZWMhk7HCEa+8rsGz415f9VGmgqj8pGO:ZWOfniUmMkF5nCTEB5Yg+8wsmgqZ

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
9bc36a897b62e142966a16acda3519f7_JaffaCakes118

Files

9bc36a897b62e142966a16acda3519f7_JaffaCakes118
.exe windows:5 windows x86 arch:x86

5cdf0ff67166951e0c5f33c34e83e39a

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

LeaveCriticalSection
DeleteCriticalSection
ReleaseSemaphore
LoadResource
GetFileSize
SetEndOfFile
FormatMessageW
lstrlenW
TlsFree
LoadLibraryW
LoadLibraryExW
GetModuleHandleW
CreateProcessW
FindResourceW
FindResourceExW
GetSystemDirectoryW
GetVersionExW
GetOEMCP
WideCharToMultiByte
MultiByteToWideChar
LCMapStringW
IsProcessorFeaturePresent
HeapReAlloc
HeapAlloc
HeapSize
RtlUnwind
IsValidCodePage
GetACP
EnterCriticalSection
Sleep
HeapFree
TerminateProcess
IsDebuggerPresent
UnhandledExceptionFilter
GetSystemTimeAsFileTime
GetCurrentProcessId
GetTickCount
QueryPerformanceCounter
HeapCreate
InterlockedDecrement
SetLastError
InterlockedIncrement
TlsSetValue
TlsGetValue
TlsAlloc
EncodePointer
GetFileType
InitializeCriticalSectionAndSpinCount
SetHandleCount
GetEnvironmentStringsW
GetStringTypeW
FreeEnvironmentStringsW
GetLastError
GetCurrentThreadId
GetCurrentProcess
VirtualAlloc
GlobalUnlock
GlobalLock
GetCPInfo
GetProcAddress
GetModuleFileNameW
GetStdHandle
WriteFile
DecodePointer
ExitProcess
SetUnhandledExceptionFilter
GetStartupInfoW
HeapSetInformation
GetCommandLineW

user32

GetCursor
DestroyWindow
GetWindowPlacement
IsZoomed
CheckRadioButton
GetNextDlgTabItem
CharNextW
GetScrollInfo
CopyIcon
PtInRect
IsRectEmpty
HideCaret
UnregisterClassW
AdjustWindowRectEx
GetScrollPos
EndPaint
TrackPopupMenu
GetSystemMetrics

setupapi

SetupGetFieldCount
SetupOpenInfFileW
SetupCloseInfFile
SetupFindFirstLineW
CM_Locate_DevNodeW
SetupCloseFileQueue
SetupDiCreateDeviceInfoList
SetupDiGetDeviceInstanceIdW
CM_Get_DevNode_Status
CM_Get_Device_ID_ExW
CM_Get_Device_IDW
SetupDiGetActualSectionToInstallW
SetupDiSetClassInstallParamsW
SetupDiSetDeviceRegistryPropertyW
SetupDiGetDeviceRegistryPropertyW
SetupDiOpenDevRegKey
SetupDiGetClassDevsW
SetupDiGetDriverInfoDetailW
SetupDiEnumDriverInfoW
SetupDiGetDeviceInterfaceDetailW

advapi32

RegSetValueExW
RegQueryValueExW
RegOpenKeyExW
RegDeleteKeyW
RegCreateKeyExW
RegCloseKey
OpenSCManagerW

ole32

ReleaseStgMedium
PropVariantClear
CoTaskMemFree
CLSIDFromProgID
CLSIDFromString
StringFromCLSID
CreateStreamOnHGlobal

Sections

.text
Size: 44KB - Virtual size: 43KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 879KB - Virtual size: 7.8MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.xdata
Size: 5KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

5cdf0ff67166951e0c5f33c34e83e39a

Headers

File Characteristics

Imports

kernel32

user32

setupapi

advapi32

ole32

Sections

.text Size: 44KB - Virtual size: 43KB

.data Size: 879KB - Virtual size: 7.8MB

.idata Size: 3KB - Virtual size: 3KB

.xdata Size: 5KB - Virtual size: 8KB

.text
Size: 44KB - Virtual size: 43KB

.data
Size: 879KB - Virtual size: 7.8MB

.idata
Size: 3KB - Virtual size: 3KB

.xdata
Size: 5KB - Virtual size: 8KB