214af40e2b11af4ff642422b188021dd_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

214af40e2b11af4ff642422b188021dd_JaffaCakes118
Size

216KB
MD5

214af40e2b11af4ff642422b188021dd
SHA1

62e6c63ce5a11d05aded159ed06831fa3bd2858a
SHA256

34afbbb056cdb1e6630b80ede50477e2a7eb515d3bfba72afae85c717e6a555a
SHA512

11612ba5d3df30a2e32e62740a3d86e43228a47cd548421380e9fb08fe9c85807c8eb0e59363dcccce834f4c123517322456eaf3ee12537900bc39a85645729d
SSDEEP

6144:wveeneygCWIspmSFHcHaLYPljMDwaU/gi:ty7W7pJHcc8rz

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
214af40e2b11af4ff642422b188021dd_JaffaCakes118

Files

214af40e2b11af4ff642422b188021dd_JaffaCakes118
.exe windows:4 windows x86 arch:x86

32700653095d7fa6ee8adfc663d59413

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

WriteFile
SetFileTime
LocalFileTimeToFileTime
FindFirstFileA
lstrcatA
CreateFileA
LoadResource
FindResourceA
GetTickCount
GetTempPathA
lstrcpyA
SetLastError
ReadFile
Process32Next
Process32First
lstrlenA
SizeofResource
GetModuleHandleA
CreateThread
GetPrivateProfileStringA
WritePrivateProfileStringA
CreateDirectoryA
GetFileAttributesA
SetUnhandledExceptionFilter
ReleaseMutex
CreateMutexA
GetCommandLineA
GetCurrentThreadId
GetStartupInfoA
Sleep
FreeResource
MoveFileA
SetFilePointer
DeleteFileA
MultiByteToWideChar
WideCharToMultiByte
GetCurrentProcess
CloseHandle
OutputDebugStringA
lstrcpynA
lstrcmpA
GetLastError
LocalFree
LocalAlloc
ExitProcess
GetProcAddress
CreateProcessA
GetThreadContext
ReadProcessMemory
GetModuleFileNameA
lstrcmpiA
WriteProcessMemory
SetThreadContext
ResumeThread
LoadLibraryA
CreateToolhelp32Snapshot

user32

wsprintfA
DispatchMessageA
GetMessageA
UpdateWindow
ShowWindow
CreateWindowExA
RegisterClassExA
LoadCursorA
LoadIconA
PostThreadMessageA
GetInputState
BlockInput
DefWindowProcA

advapi32

RegQueryValueExA
RegOpenKeyExA
RegCloseKey
GetUserNameA
OpenProcessToken
LookupPrivilegeValueA
AdjustTokenPrivileges
RegSetValueExA
RegCreateKeyExA
RegDeleteKeyA
RegDeleteValueA
RegRestoreKeyA
RegSaveKeyA
RegCreateKeyA
CloseServiceHandle
CreateServiceA
OpenSCManagerA
StartServiceA
OpenServiceA

shell32

ShellExecuteA

ntdll

RtlUnwind
_chkstk
strstr
memcpy
strchr
strlen
memset
ZwUnmapViewOfSection
_strcmpi

netapi32

NetApiBufferFree
NetUserGetLocalGroups

setupapi

SetupDiGetDeviceRegistryPropertyA
SetupDiDestroyDeviceInfoList
CM_Get_DevNode_Status
SetupDiEnumDeviceInfo
SetupDiGetClassDevsA
SetupDiGetDeviceInstallParamsA
SetupDiCallClassInstaller
SetupDiSetClassInstallParamsA

msvcrt

_acmdln
exit
_XcptFilter
_exit
??1type_info@@UAE@XZ
rand
fopen
fwrite
fclose
??3@YAXPAX@Z
??2@YAPAXI@Z
_CxxThrowException
__CxxFrameHandler
malloc
realloc
printf
_controlfp
__set_app_type
__p__fmode
__p__commode
_adjust_fdiv
__setusermatherr
_initterm
__getmainargs

Sections

.text
Size: 12KB - Virtual size: 10KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 192KB - Virtual size: 189KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

32700653095d7fa6ee8adfc663d59413

Headers

File Characteristics

Imports

kernel32

user32

advapi32

shell32

ntdll

netapi32

setupapi

msvcrt

Sections

.text Size: 12KB - Virtual size: 10KB

.rdata Size: 4KB - Virtual size: 3KB

.data Size: 4KB - Virtual size: 1KB

.rsrc Size: 192KB - Virtual size: 189KB

.text
Size: 12KB - Virtual size: 10KB

.rdata
Size: 4KB - Virtual size: 3KB

.data
Size: 4KB - Virtual size: 1KB

.rsrc
Size: 192KB - Virtual size: 189KB