21296b7e811e6d2dae0bfe4eee2ec8ca_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

21296b7e811e6d2dae0bfe4eee2ec8ca_JaffaCakes118
Size

48KB
MD5

21296b7e811e6d2dae0bfe4eee2ec8ca
SHA1

0edcd73816e4a820a2098879e0e5feca5ddc2e50
SHA256

414a030bf45eb880b0e0e3437f9f29ab9da2f0dad37ebf1b85d32ae5caf0c44b
SHA512

3d767f70d0b40305066e36648ea1d05191abccd997df4e071f388ad5f6f6734a26248ebd6616719af53eb1d2cec04dcc5fc7f5cf165e4e23dec24aebf63dbe35
SSDEEP

768:HEBmXxFJm00jMYTUUXFP1CITMXTZlHSuJKqyLoh:Zd90jJTUii/HTJKqO

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
21296b7e811e6d2dae0bfe4eee2ec8ca_JaffaCakes118

Files

21296b7e811e6d2dae0bfe4eee2ec8ca_JaffaCakes118
.exe windows:4 windows x86 arch:x86

6473cc283d78b835739a3e5ce4c80441

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetModuleFileNameA
ResumeThread
SetFileAttributesA
CreateProcessA
GetShortPathNameA
OutputDebugStringA
GetCurrentThreadId
GetModuleHandleA
GetStartupInfoA
GetEnvironmentVariableA
SetPriorityClass
GetCurrentProcess
SetLocalTime
CopyFileA
GetCurrentProcessId
OpenProcess
WaitForSingleObject
TerminateProcess
CloseHandle
GetLastError
lstrlenA
GetPrivateProfileSectionA
GetWindowsDirectoryA
GetTickCount
GetLocalTime
Sleep

user32

MessageBoxA

advapi32

RegisterServiceCtrlHandlerA
StartServiceCtrlDispatcherA
RegisterEventSourceA
ReportEventA
DeleteService
RegCreateKeyA
DeregisterEventSource
OpenProcessToken
LookupPrivilegeValueA
AdjustTokenPrivileges
CreateServiceA
OpenSCManagerA
OpenServiceA
CloseServiceHandle
RegCreateKeyExA
RegSetValueExA
RegOpenKeyExA
RegQueryValueExA
RegCloseKey
SetServiceStatus

wininet

InternetOpenA
InternetCloseHandle
InternetSetOptionA
InternetOpenUrlA
HttpQueryInfoA
InternetReadFile

psapi

EnumProcesses
EnumProcessModules
GetModuleFileNameExA

mfc42

ord354
ord2915
ord5572
ord860
ord6143
ord5186
ord6385
ord1979
ord665
ord924
ord922
ord858
ord5861
ord801
ord825
ord540
ord800
ord537
ord541

msvcrt

_XcptFilter
exit
_acmdln
__setusermatherr
_adjust_fdiv
__p__commode
__p__fmode
__set_app_type
strcat
_except_handler3
_controlfp
__getmainargs
_exit
_onexit
strcpy
__CxxFrameHandler
sprintf
strcmp
_mbsicmp
memcpy
_mbscmp
memset
strncpy
_stricmp
printf
strlen
vsprintf
__dllonexit
_initterm

Sections

.text
Size: 12KB - Virtual size: 8KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 24KB - Virtual size: 23KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

6473cc283d78b835739a3e5ce4c80441

Headers

File Characteristics

Imports

kernel32

user32

advapi32

wininet

psapi

mfc42

msvcrt

Sections

.text Size: 12KB - Virtual size: 8KB

.rdata Size: 4KB - Virtual size: 2KB

.data Size: 4KB - Virtual size: 2KB

.rsrc Size: 24KB - Virtual size: 23KB

.text
Size: 12KB - Virtual size: 8KB

.rdata
Size: 4KB - Virtual size: 2KB

.data
Size: 4KB - Virtual size: 2KB

.rsrc
Size: 24KB - Virtual size: 23KB