1609a0cc9547bb4aa8e73857a9c0edc3_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

1609a0cc9547bb4aa8e73857a9c0edc3_JaffaCakes118
Size

66KB
MD5

1609a0cc9547bb4aa8e73857a9c0edc3
SHA1

bc0bdebd85f2dc1c01fbaff8d957f37473a92c81
SHA256

799d2e8d0ac7d3dd9aa291a4391d4e19b15ba54ebe5b7b96a0dc1e184272face
SHA512

969df9cdc718ef150de961c51199a370ca5918745ea72f13754f2a4adb448da6346d2cdc04b5bfde8e4e3ec0b0e7893fc3816287a56945ff3952399a093f55e2
SSDEEP

768:PNnM+NJGuFlQhF/mYYppSD9g4wDD3sLYzOFlkQVvGk0oidotDIDwz/bkLiOMIm0Q:1nzfCY8ZEOYzOb0o1tkGzkmOEEz0

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
1609a0cc9547bb4aa8e73857a9c0edc3_JaffaCakes118

Files

1609a0cc9547bb4aa8e73857a9c0edc3_JaffaCakes118
.exe windows:4 windows x86 arch:x86

219516560579803a81d259ee7110635c

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

advapi32

ControlService
CreateServiceA
FreeSid
QueryServiceConfig2A
QueryServiceStatus
RegEnumKeyExA
RegFlushKey
RegSetValueExA

kernel32

AddAtomA
CloseHandle
CreateEventA
CreateMutexA
CreateToolhelp32Snapshot
DeleteFileA
DisableThreadLibraryCalls
DuplicateHandle
EnumSystemLocalesA
ExitProcess
ExitThread
FindClose
FindFirstFileA
GetACP
GetCPInfo
GetConsoleMode
GetConsoleOutputCP
GetCurrentDirectoryA
GetCurrentProcess
GetCurrentProcessId
GetCurrentThreadId
GetFileAttributesA
GetFileTime
GetFileType
GetLastError
GetLocaleInfoA
GetModuleHandleA
GetOEMCP
GetPrivateProfileSectionNamesA
GetProcAddress
GetProcessHeap
GetShortPathNameA
GetStringTypeA
GetSystemTimeAsFileTime
GetTickCount
GetTimeFormatA
GetVersionExA
GlobalAlloc
GlobalHandle
GlobalLock
GlobalReAlloc
GlobalUnlock
HeapCreate
HeapFree
HeapSize
InitializeCriticalSection
InterlockedDecrement
InterlockedExchange
InterlockedIncrement
IsBadCodePtr
LCMapStringA
LeaveCriticalSection
LocalAlloc
LocalFree
Module32Next
MultiByteToWideChar
OpenProcess
OutputDebugStringA
QueryPerformanceCounter
RaiseException
ReadFile
ReadProcessMemory
RtlUnwind
SearchPathA
SetEndOfFile
SetStdHandle
SetThreadPriority
SizeofResource
Sleep
TerminateProcess
TlsGetValue
UnhandledExceptionFilter
VirtualAlloc
VirtualFree
VirtualProtect
VirtualQuery
WideCharToMultiByte
lstrcmpA
lstrcmpiA

user32

BeginPaint
DispatchMessageA
DrawIcon
EndDialog
ExitWindowsEx
GetActiveWindow
GetKeyState
GetSystemMetrics
GetWindowPlacement
GetWindowTextA
IntersectRect
IsRectEmpty
IsWindowVisible
LoadBitmapA
LoadCursorA
LoadStringA
MessageBoxA
RegisterClassA
RegisterClassExA
SendDlgItemMessageA
SetCapture
SetFocus
SetMenu
SetWindowLongA
SetWindowTextA
wsprintfA

version

GetFileVersionInfoA
GetFileVersionInfoSizeA
VerQueryValueA

Sections

.text
Size: 28KB - Virtual size: 28KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.INIT
Size: 17KB - Virtual size: 28KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.idata
Size: 3KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.edata
Size: 15KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

219516560579803a81d259ee7110635c

Headers

File Characteristics

Imports

advapi32

kernel32

user32

version

Sections

.text Size: 28KB - Virtual size: 28KB

.INIT Size: 17KB - Virtual size: 28KB

.data Size: 512B - Virtual size: 4KB

.rdata Size: 512B - Virtual size: 4KB

.idata Size: 3KB - Virtual size: 4KB

.edata Size: 15KB - Virtual size: 16KB

.text
Size: 28KB - Virtual size: 28KB

.INIT
Size: 17KB - Virtual size: 28KB

.data
Size: 512B - Virtual size: 4KB

.rdata
Size: 512B - Virtual size: 4KB

.idata
Size: 3KB - Virtual size: 4KB

.edata
Size: 15KB - Virtual size: 16KB