01e2118c42fc1208f82d5ca6a6861744_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

01e2118c42fc1208f82d5ca6a6861744_JaffaCakes118
Size

240KB
MD5

01e2118c42fc1208f82d5ca6a6861744
SHA1

2bb34e3eb402b4716f60c51b3428bd32b2bbbec8
SHA256

a80fb42198c549cfba35ab23c512da946e498a8f986cf128e8f87487eecb5a67
SHA512

181a0c810609b0a7c4e2bf91d5cbe3c4fdcd45efa068e4f8e1a5ad2daecb5c9b50c3a52bace3c1fc89624a7b020a3c8cd19417c44d9787d2e54bc60932688c3a
SSDEEP

6144:ylHcahWWRRXU6llDVA9oLLAvzk+d4WwZ7:yFcgWWRRX5ncMLxWwZ7

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
01e2118c42fc1208f82d5ca6a6861744_JaffaCakes118

Files

01e2118c42fc1208f82d5ca6a6861744_JaffaCakes118
.exe windows:4 windows x86 arch:x86

0dc26bd6707766ec3702c547cb576d9e

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

DeviceIoControl
InterlockedDecrement
CreateEventA
CreateFileA
GetVersion
DeleteFileA
Sleep
QueryPerformanceCounter
QueryPerformanceFrequency
SetConsoleCtrlHandler
GetVersionExA
SetEvent
InterlockedIncrement
CloseHandle
WideCharToMultiByte
FindResourceA
LoadResource
SizeofResource
LockResource
_lcreat
_hwrite
_lclose
GetLastError
FormatMessageA
WaitForSingleObject
LocalFree
SetEnvironmentVariableA
CompareStringW
CompareStringA
GetLocaleInfoW
GetOEMCP
GetACP
LoadLibraryA
HeapSize
GetSystemInfo
VirtualProtect
SetStdHandle
GetCurrentProcessId
GetCurrentThreadId
GetTickCount
SetFilePointer
FlushFileBuffers
LCMapStringW
LCMapStringA
IsBadCodePtr
IsBadReadPtr
VirtualQuery
InterlockedExchange
HeapAlloc
HeapFree
RtlUnwind
HeapReAlloc
RaiseException
GetTimeZoneInformation
GetSystemTimeAsFileTime
ExitProcess
GetProcAddress
GetModuleHandleA
TerminateProcess
GetCurrentProcess
GetStartupInfoA
GetCommandLineA
HeapDestroy
HeapCreate
VirtualFree
VirtualAlloc
IsBadWritePtr
SetHandleCount
GetStdHandle
GetFileType
SetUnhandledExceptionFilter
GetCPInfo
GetUserDefaultLCID
GetLocaleInfoA
EnumSystemLocalesA
IsValidLocale
IsValidCodePage
GetStringTypeA
MultiByteToWideChar
GetStringTypeW
ReadFile
WriteFile
GetModuleFileNameA
UnhandledExceptionFilter
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW

advapi32

ControlService
StartServiceA
QueryServiceStatus
OpenServiceA
DeleteService
OpenSCManagerA
CreateServiceA
CloseServiceHandle
RegOpenKeyA
RegCreateKeyExA
RegCloseKey
RegSetValueExA

shell32

SHGetSpecialFolderPathA

ole32

CoUninitialize
CoCreateInstance
CoInitializeSecurity
CoInitializeEx
OleUninitialize
CoSetProxyBlanket

oleaut32

SysStringLen
GetErrorInfo
SafeArrayCreate
SafeArrayAccessData
SafeArrayUnaccessData
SafeArrayDestroy
SafeArrayGetLBound
SafeArrayGetUBound
SafeArrayGetElement
VariantChangeType
VariantClear
VariantInit
SysFreeString
SysAllocString

Sections

.text
Size: 84KB - Virtual size: 81KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 20KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 40KB - Virtual size: 37KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.text
Size: 88KB - Virtual size: 88KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

0dc26bd6707766ec3702c547cb576d9e

Headers

File Characteristics

Imports

kernel32

advapi32

shell32

ole32

oleaut32

Sections

.text Size: 84KB - Virtual size: 81KB

.rdata Size: 20KB - Virtual size: 17KB

.data Size: 4KB - Virtual size: 9KB

.rsrc Size: 40KB - Virtual size: 37KB

.text Size: 88KB - Virtual size: 88KB

.text
Size: 84KB - Virtual size: 81KB

.rdata
Size: 20KB - Virtual size: 17KB

.data
Size: 4KB - Virtual size: 9KB

.rsrc
Size: 40KB - Virtual size: 37KB

.text
Size: 88KB - Virtual size: 88KB