0862a51c1524cfb0343cbe65f671ab9f_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

0862a51c1524cfb0343cbe65f671ab9f_JaffaCakes118
Size

5.2MB
MD5

0862a51c1524cfb0343cbe65f671ab9f
SHA1

7146b67bcd3e96da40c51aacfde9c8b96c3fa51b
SHA256

da93fae1487b3dc44a8b7ae67fe4d22cfa3fa3288a48568a0b3a3b3af38c2bc1
SHA512

fc49d2d07a1811bc57ceafe167a3e2a9549443abdbdd725ad98714469d3d2771be8a18b70f0484afdf5919551614d5e2d1d9b94c070e94e90d77577a2c53986c
SSDEEP

98304:9y5iM4Yt9P0vKnHAcsndYV10MsgqvL++Oi7iy3pLM0ecsdHpM5kSMaJEeQ4r:9y5i4cSHHEdYf0MsBGi7iy5LlejHpBSH

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
0862a51c1524cfb0343cbe65f671ab9f_JaffaCakes118

Files

0862a51c1524cfb0343cbe65f671ab9f_JaffaCakes118
.exe windows:6 windows x64 arch:x64

2e1ff428a6573052332e6ba342b990d8

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

api-ms-win-service-management-l2-1-0

SetServiceObjectSecurity

msvcrt

strncpy_s

ntdll

RtlReleaseSRWLockExclusive

advapi32

ControlTraceW
RegQueryValueExA
OpenSCManagerW
EnumServicesStatusExW
OpenServiceW
QueryServiceConfigW
CloseServiceHandle

comctl32

ord410

kernel32

UnhandledExceptionFilter
LoadLibraryA
LocalAlloc
GetCurrentProcess
GetCurrentThread
LocalFree
GetModuleFileNameW
GetProcessAffinityMask
SetProcessAffinityMask
SetThreadAffinityMask
Sleep
ExitProcess
GetLastError
FreeLibrary
LoadLibraryA
GetModuleHandleA
GetProcAddress

user32

EnumWindows
CharUpperBuffW

ole32

CoInitializeEx

wtsapi32

WTSSendMessageW

Sections

.text
Size: - Virtual size: 409KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: - Virtual size: 164KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 25KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.keur
Size: - Virtual size: 5.3MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.pmig
Size: 5.2MB - Virtual size: 5.2MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.wjmpt
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 512B - Virtual size: 480B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

2e1ff428a6573052332e6ba342b990d8

Headers

DLL Characteristics

File Characteristics

Imports

api-ms-win-service-management-l2-1-0

msvcrt

ntdll

advapi32

comctl32

kernel32

user32

ole32

wtsapi32

Sections

.text Size: - Virtual size: 409KB

.rdata Size: - Virtual size: 164KB

.data Size: - Virtual size: 25KB

.keur Size: - Virtual size: 5.3MB

.pmig Size: 5.2MB - Virtual size: 5.2MB

.wjmpt Size: 512B - Virtual size: 12B

.rsrc Size: 512B - Virtual size: 480B

.text
Size: - Virtual size: 409KB

.rdata
Size: - Virtual size: 164KB

.data
Size: - Virtual size: 25KB

.keur
Size: - Virtual size: 5.3MB

.pmig
Size: 5.2MB - Virtual size: 5.2MB

.wjmpt
Size: 512B - Virtual size: 12B

.rsrc
Size: 512B - Virtual size: 480B