09c3a651dbad8629a923390b28fa96b9_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

09c3a651dbad8629a923390b28fa96b9_JaffaCakes118
Size

26KB
MD5

09c3a651dbad8629a923390b28fa96b9
SHA1

495e5503c8707926302220fd460d96da9ccd1bb7
SHA256

58369ce564626540dfb54403bab00332e02efadab0df7f197a75765468ce7115
SHA512

0fb2e2cb58b98923ac573ed559f3f1b16f81e423c0275b04460fc184480c49ceaf41bd2ef417b6fa7867152ec77977f8c45395a08e506e0731528691c88b78d7
SSDEEP

768:HJz571T3AfNh9NFSQg1UCCUKCF9cu3/3H:HJz571T3AFhDFSNtCUK

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
09c3a651dbad8629a923390b28fa96b9_JaffaCakes118

Files

09c3a651dbad8629a923390b28fa96b9_JaffaCakes118
.exe windows:5 windows x86 arch:x86

796f741e1c7177f54461628cbf932c07

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

ntdll

NtAllocateVirtualMemory
RtlAdjustPrivilege

advapi32

RegSetValueExW
RegFlushKey
RegOpenKeyExA
RegUnLoadKeyW
RegSetValueW
GetTokenInformation
RegEnumValueW
RegDeleteKeyW
RegOpenKeyExW
EqualSid
RegEnumKeyW
RegQueryValueExW
RegQueryInfoKeyW
AllocateAndInitializeSid
OpenProcessToken
RegCloseKey
RegSaveKeyW
RegCreateKeyExW
FreeSid
RegLoadKeyW
RegQueryValueExA
LookupPrivilegeValueW
RegDeleteValueW
AdjustTokenPrivileges

oleaut32

VariantClear

ole32

OleInitialize
OleUninitialize
CoTaskMemFree

kernel32

GetStartupInfoA

msvcrt

free
memset
memmove
_vsnwprintf
longjmp
_amsg_exit
malloc
memcpy
_adjust_fdiv
_wcsnicmp
_setjmp3
_ultow
_vsnprintf
_initterm
_wcsicmp
_XcptFilter
_wtoi
_wtol
bsearch

gdi32

GetObjectW
CreateFontIndirectW
GetStockObject
DeleteObject
GetDeviceCaps

version

GetFileVersionInfoW
VerQueryValueW
GetFileVersionInfoSizeW

rpcrt4

RpcStringFreeW

shlwapi

PathRemoveFileSpecW
StrChrW
StrRChrW
PathBuildRootW
PathCombineW
PathAddBackslashW
StrStrIW
PathFileExistsW
PathAppendW

setupapi

SetupDefaultQueueCallbackW
SetupSetDirectoryIdW
SetupGetStringFieldW
SetupInitDefaultQueueCallbackEx
SetupQueueCopyW
SetupCloseFileQueue
SetupOpenAppendInfFileW
SetupOpenInfFileW
SetupOpenFileQueue
SetupFindNextLine
SetupCloseInfFile
SetupTermDefaultQueueCallback
SetupFindFirstLineW
SetupCommitFileQueueW
SetupGetLineTextW
SetupInstallFromInfSectionW

Sections

.text
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 15KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 40KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

796f741e1c7177f54461628cbf932c07

Headers

DLL Characteristics

File Characteristics

Imports

ntdll

advapi32

oleaut32

ole32

kernel32

msvcrt

gdi32

version

rpcrt4

shlwapi

setupapi

Sections

.text Size: 4KB - Virtual size: 4KB

.rsrc Size: 15KB - Virtual size: 14KB

.data Size: 512B - Virtual size: 40KB

.rdata Size: 5KB - Virtual size: 5KB

.text
Size: 4KB - Virtual size: 4KB

.rsrc
Size: 15KB - Virtual size: 14KB

.data
Size: 512B - Virtual size: 40KB

.rdata
Size: 5KB - Virtual size: 5KB