073f01be29ea1a8d92f7daf89a6814f5_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

073f01be29ea1a8d92f7daf89a6814f5_JaffaCakes118
Size

152KB
MD5

073f01be29ea1a8d92f7daf89a6814f5
SHA1

1dca4b82ab6d6b44003d1e6efe7d12eb044fef44
SHA256

fa54e0ba9c5a9f6642b7c4121e6d6142fc0d3e37384666c1b7cf6d1df83679b6
SHA512

c094b4a071f0db3cc15189914eb96816d4dd27105d3c4cff7266fd4b21c85847d8ed6e400b9847ea28e3ff714feb445f510a34a4c6b67dd4071489d79239466e
SSDEEP

3072:GvQ2xbHlM+nu9An3tr6b8OQ5E6uO06NVl9rIxFi44Vy0wvn4:r2xbH3n3tWbrQi9O06ntV5w

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
073f01be29ea1a8d92f7daf89a6814f5_JaffaCakes118

Files

073f01be29ea1a8d92f7daf89a6814f5_JaffaCakes118
.exe windows:4 windows x86 arch:x86

e6d70789cbae2092de97c2c8a42ec1a8

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

MultiByteToWideChar
GetCurrentProcess
Process32Next
Process32First
CreateToolhelp32Snapshot
SetFileTime
GetFileTime
CreateFileA
SetFileAttributesA
Sleep
GetSystemWindowsDirectoryA
GetModuleFileNameA
GetSystemDirectoryA
HeapAlloc
GetProcessHeap
HeapReAlloc
HeapFree
CopyFileA
WriteFile
FindClose
FindFirstFileA
GetCurrentDirectoryA
SetLastError
FormatMessageA
LocalFree
FreeResource
LockResource
LoadResource
SizeofResource
FindResourceA
GetSystemTimeAsFileTime
GetCurrentProcessId
GetCurrentThreadId
GetTickCount
GetLastError
MoveFileExA
DeleteFileA
GetProcAddress
GetVersion
FreeLibrary
OpenProcess
CreateRemoteThread
WaitForSingleObject
CloseHandle
LoadLibraryA
CreateProcessA
QueryPerformanceCounter
InterlockedExchange
GetModuleHandleA
GetStartupInfoA
GetCommandLineA
GetVersionExA
GetACP
GetOEMCP
GetCPInfo
LCMapStringA
WideCharToMultiByte
LCMapStringW
ExitProcess
TerminateProcess
GetStdHandle
UnhandledExceptionFilter
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
SetHandleCount
GetFileType
HeapDestroy
HeapCreate
VirtualFree
GetStringTypeA
GetStringTypeW
GetLocaleInfoA
VirtualProtect
VirtualAlloc
GetSystemInfo
VirtualQuery
RtlUnwind
HeapSize

user32

GetActiveWindow
MessageBoxA
wsprintfA

advapi32

QueryServiceStatus
ControlService
DeleteService
OpenSCManagerA
CreateServiceA
CloseServiceHandle
OpenServiceA
StartServiceA
OpenProcessToken
LookupPrivilegeValueA
AdjustTokenPrivileges

sfc

SfcIsFileProtected

Sections

.text
Size: 22KB - Virtual size: 22KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 7KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 120KB - Virtual size: 124KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

e6d70789cbae2092de97c2c8a42ec1a8

Headers

File Characteristics

Imports

kernel32

user32

advapi32

sfc

Sections

.text Size: 22KB - Virtual size: 22KB

.rdata Size: 7KB - Virtual size: 7KB

.data Size: 1024B - Virtual size: 2KB

.rsrc Size: 120KB - Virtual size: 124KB

.text
Size: 22KB - Virtual size: 22KB

.rdata
Size: 7KB - Virtual size: 7KB

.data
Size: 1024B - Virtual size: 2KB

.rsrc
Size: 120KB - Virtual size: 124KB