Static task: static1
Behavioral task: behavioral1
Sample: 0bfaaf3194df0c8c5a1391960ddb2c6b_JaffaCakes118.exe
Resource: win7-20240611-en
Behavioral task: behavioral2
Sample: 0bfaaf3194df0c8c5a1391960ddb2c6b_JaffaCakes118.exe
Resource: win10v2004-20240611-en
General
Target: 0bfaaf3194df0c8c5a1391960ddb2c6b_JaffaCakes118
Size: 63KB
MD5: 0bfaaf3194df0c8c5a1391960ddb2c6b
SHA1: 2fef8eb64ab583c79b0a678fe977eaff07202ac6
SHA256: e3fea39bdff70da234130a390c8356fe8f19d09a1498afa12a04ebf42d6ea78a
SHA512: 7a7af4bf2f89898409cbc66a87d8933e2b036f86133e168ec6b8ec93c0e83e2bd7cc1dbdc962f8281f52ae356ece2f7862a1d76a55fca8f603d19951f1b930df
SSDEEP: 1536:9he216/8yM/gRzMtTz5pW92vhRw3++1VhiBVB8U1Gmku:xS8yMYRzMo92YusVhqVOqZku
Malware Config
Signatures
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource 0bfaaf3194df0c8c5a1391960ddb2c6b_JaffaCakes118
Files
0bfaaf3194df0c8c5a1391960ddb2c6b_JaffaCakes118.exe windows:4 windows x86 arch:x86
a4b70b7530e99f01b47b8ae3bbafc0bc
Headers
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
Imports
advapi32
LookupPrivilegeValueA
OpenServiceA
QueryServiceConfig2A
QueryServiceStatus
RegFlushKey
RegQueryInfoKeyA
SetSecurityDescriptorDacl
UnlockServiceDatabase
kernel32
CloseHandle
CreateEventA
CreateMutexA
CreateThread
DeleteAtom
DisableThreadLibraryCalls
EnterCriticalSection
EnumSystemLocalesA
ExitProcess
ExpandEnvironmentStringsA
FileTimeToLocalFileTime
FreeLibrary
GetACP
GetCommandLineA
GetConsoleMode
GetCurrentDirectoryA
GetCurrentProcess
GetCurrentProcessId
GetEnvironmentVariableA
GetFileSize
GetLastError
GetModuleHandleA
GetPrivateProfileSectionNamesA
GetPrivateProfileStringA
GetPrivateProfileStructA
GetProcAddress
GetProcessHeap
GetShortPathNameA
GetStdHandle
GetSystemDirectoryA
GetSystemInfo
GetSystemTimeAsFileTime
GetTempFileNameA
GetTempPathA
GetThreadLocale
GetTickCount
GetTimeFormatA
GetVersionExA
GlobalLock
GlobalReAlloc
HeapAlloc
HeapDestroy
InitializeCriticalSection
InterlockedDecrement
InterlockedExchange
IsBadCodePtr
IsBadReadPtr
IsValidLocale
LocalAlloc
LocalFree
LockResource
Module32First
Module32Next
MoveFileA
MultiByteToWideChar
OpenProcess
QueryPerformanceCounter
ResumeThread
RtlUnwind
SearchPathA
SetEndOfFile
SetEnvironmentVariableA
SetErrorMode
SetFileTime
SetUnhandledExceptionFilter
SizeofResource
Sleep
SuspendThread
TerminateProcess
TlsAlloc
TlsFree
UnhandledExceptionFilter
VirtualProtect
WideCharToMultiByte
lstrcatA
lstrcmpA
lstrcmpiA
lstrcpyA
user32
BeginPaint
CallNextHookEx
CharUpperA
ClientToScreen
CopyRect
DestroyWindow
DialogBoxParamA
FindWindowA
GetActiveWindow
GetDesktopWindow
GetDlgCtrlID
GetWindowLongA
InflateRect
IsChild
IsRectEmpty
IsWindowEnabled
LoadBitmapA
LoadImageA
MessageBoxA
MsgWaitForMultipleObjects
RegisterClassA
ReleaseDC
SendDlgItemMessageA
SendMessageA
SetFocus
UpdateWindow
version
GetFileVersionInfoA
GetFileVersionInfoSizeA
VerQueryValueA
Sections
.text Size: 26KB - Virtual size: 28KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.DATA Size: 16KB - Virtual size: 28KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.data Size: 512B - Virtual size: 4KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rdata Size: 15KB - Virtual size: 16KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.idata Size: 3KB - Virtual size: 4KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.rsrc Size: 1024B - Virtual size: 4KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ