0a1f336234f31a406d84925766a92af6_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

0a1f336234f31a406d84925766a92af6_JaffaCakes118
Size

110KB
MD5

0a1f336234f31a406d84925766a92af6
SHA1

3995170c07f922766d3298e532e15c169e123947
SHA256

cb8eb31dda048ada2c87c6c0348f28b6d1974a8b9b077bb20912797f3e47ee00
SHA512

f066a0dfe5b9e37fba342190c51174a0cb4f2d45714da836bdde5865d6451178cb757437c4865d6f554ea3d2fa1ecfa3ce0297f54b641bd76ada5394a9a8441d
SSDEEP

3072:ywEe+JuGm9UbX4GeWX29ijbO0Nkz5ElUkl:ywEFJw6bIqFbO0+z5lO

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
0a1f336234f31a406d84925766a92af6_JaffaCakes118

Files

0a1f336234f31a406d84925766a92af6_JaffaCakes118
.exe windows:4 windows x86 arch:x86

7860110f0182944619f60c759ee4fc52

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

d:\archsource\dce\6.3\win32\en\source\src\trendsystemcleaner\regbootclean\win32\release\RegBootClean.pdb

Imports

kernel32

LocalFree
GetCurrentProcessId
CloseHandle
OpenProcess
GetLastError
DeleteFileW
GetWindowsDirectoryW
SetErrorMode
FreeConsole
HeapFree
HeapAlloc
GetVersionExA
GetProcessHeap
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
SetFilePointer
EnterCriticalSection
LeaveCriticalSection
RtlUnwind
GetCPInfo
InterlockedIncrement
InterlockedDecrement
GetACP
GetOEMCP
IsValidCodePage
GetModuleHandleA
GetProcAddress
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
SetLastError
GetCurrentThreadId
MultiByteToWideChar
ReadFile
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
DeleteCriticalSection
RaiseException
WriteFile
WideCharToMultiByte
GetConsoleCP
GetConsoleMode
FlushFileBuffers
HeapDestroy
HeapCreate
VirtualFree
VirtualAlloc
HeapReAlloc
ExitProcess
GetModuleFileNameA
GetModuleFileNameW
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineA
GetCommandLineW
QueryPerformanceCounter
GetTickCount
GetSystemTimeAsFileTime
SetStdHandle
Sleep
CreateFileW
InitializeCriticalSection
LCMapStringA
LCMapStringW
GetStringTypeA
GetStringTypeW
GetLocaleInfoA
HeapSize
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
LoadLibraryA
SetEndOfFile
CreateFileA

advapi32

RegEnumKeyW
RegDeleteValueW
GetNamedSecurityInfoW
GetSecurityInfo
RegGetKeySecurity
GetAce
SetNamedSecurityInfoW
GetSecurityDescriptorDacl
SetSecurityDescriptorDacl
RegSetValueExW
InitializeAcl
GetSecurityDescriptorOwner
AddAccessAllowedAce
RegSetKeySecurity
RegOpenKeyExW
AddAce
GetAclInformation
GetLengthSid
RegQueryInfoKeyW
InitializeSecurityDescriptor
RegCloseKey
RegDeleteKeyW

Sections

.text
Size: 64KB - Virtual size: 60KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 20KB - Virtual size: 19KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 14KB - Virtual size: 16KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

7860110f0182944619f60c759ee4fc52

Headers

File Characteristics

PDB Paths

Imports

kernel32

advapi32

Sections

.text Size: 64KB - Virtual size: 60KB

.rdata Size: 20KB - Virtual size: 19KB

.data Size: 8KB - Virtual size: 13KB

.rsrc Size: 14KB - Virtual size: 16KB

.text
Size: 64KB - Virtual size: 60KB

.rdata
Size: 20KB - Virtual size: 19KB

.data
Size: 8KB - Virtual size: 13KB

.rsrc
Size: 14KB - Virtual size: 16KB