002a502e8e540c416958e6888d27ff3b_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

002a502e8e540c416958e6888d27ff3b_JaffaCakes118
Size

188KB
MD5

002a502e8e540c416958e6888d27ff3b
SHA1

adcfd9208477729279ed11cb7772aa4f11937a83
SHA256

baa97e88cc53dd0fed07abd7004167573add743f30cbd909deb266bffd2f9f58
SHA512

cb1a4df4374bd3131ac554b061288406e16a0d23637fc430af220c7924b7136ab52f6784243b7b36cf7189123af3ca7f67d340b0e1794a0dfd7b08ed2ca29ca8
SSDEEP

3072:kDSE0YBpqm6AbJvKK7csxk5gyMLAFAh/I/g1V8clpxRf0eqedka1:m0YBpq9kEKLk5zMLAehKgNH7seqikM

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
002a502e8e540c416958e6888d27ff3b_JaffaCakes118

Files

002a502e8e540c416958e6888d27ff3b_JaffaCakes118
.exe windows:4 windows x86 arch:x86

0ae998d9a55bdb47b28cc61ac153f08f

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

msvcrt

memcpy
??2@YAPAXI@Z
_except_handler3
rand
srand
_ftol
strchr
memset
strcmp
__CxxFrameHandler
strncpy
strlen
??1type_info@@UAE@XZ
_exit
_XcptFilter
exit
_acmdln
__getmainargs
_initterm
__setusermatherr
_adjust_fdiv
__p__commode
__p__fmode
__set_app_type
_controlfp
_strlwr
_strrev
??3@YAXPAX@Z
_stricmp

user32

CharNextA
wsprintfA

shlwapi

SHDeleteKeyA

advapi32

GetServiceKeyNameA
GetServiceDisplayNameA
ControlService
CreateServiceA
RegSaveKeyA
RegRestoreKeyA
DeleteService
CloseServiceHandle
ChangeServiceConfig2A
RegConnectRegistryA
OpenSCManagerA
OpenServiceA
ChangeServiceConfigA
StartServiceA
RegCreateKeyExA
RegSetValueExA
RegDeleteKeyA
RegDeleteValueA
RegQueryValueExA
RegOpenKeyExA
AdjustTokenPrivileges
LookupPrivilegeValueA
OpenProcessToken
RegCloseKey

kernel32

GetCommandLineA
SetUnhandledExceptionFilter
OpenEventA
ExpandEnvironmentStringsA
SleepEx
GetShortPathNameA
CreateEventA
WaitForSingleObject
GetModuleFileNameA
CreateFileA
WriteFile
GetFileTime
SetFileTime
MoveFileA
GetCurrentDirectoryA
GetTempPathA
GetWindowsDirectoryA
lstrcpyA
SetEnvironmentVariableA
ExitProcess
GetModuleHandleA
Sleep
lstrcatA
GetSystemDirectoryA
GetTickCount
SetFileAttributesA
DeleteFileA
lstrlenA
GetFileAttributesA
CreateDirectoryA
CloseHandle
GetCurrentProcess
GetLastError
GetStartupInfoA

Sections

.text
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 164KB - Virtual size: 164KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 8KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

0ae998d9a55bdb47b28cc61ac153f08f

Headers

File Characteristics

Imports

msvcrt

user32

shlwapi

advapi32

kernel32

Sections

.text Size: 8KB - Virtual size: 7KB

.rdata Size: 4KB - Virtual size: 2KB

.data Size: 164KB - Virtual size: 164KB

.rsrc Size: 8KB - Virtual size: 5KB

.text
Size: 8KB - Virtual size: 7KB

.rdata
Size: 4KB - Virtual size: 2KB

.data
Size: 164KB - Virtual size: 164KB

.rsrc
Size: 8KB - Virtual size: 5KB