21c98261786e1e87457be789c7e9503d_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

21c98261786e1e87457be789c7e9503d_JaffaCakes118
Size

568KB
MD5

21c98261786e1e87457be789c7e9503d
SHA1

52cf0841dee8540d16598a1a804cc2638931de5c
SHA256

29b27f48eb2fc762bed93f307601bc05e3ee24f30437b2c58006c0562c28ec68
SHA512

5b6a54f95ec22370cf221fcd6333feaf7a5108a9c7137b46ae116a0b24d84579fc8d86bd549d98a1ce5ed7168ad8cf5742c3fca86d950b5e24d1467cddf96f53
SSDEEP

12288:xIlZYCjBMbvr892gxQMm/dHqgqT+SJroBfGiY3Dc4oofP:0K29kM2HqgqiSRoNkjP

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
21c98261786e1e87457be789c7e9503d_JaffaCakes118

Files

21c98261786e1e87457be789c7e9503d_JaffaCakes118
.exe windows:4 windows x86 arch:x86

2794914636587f3d1a4ee178b2e747f2

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

advapi32

InitiateSystemShutdownA
GetSidIdentifierAuthority
LockServiceDatabase
IsValidSecurityDescriptor
QueryServiceConfigA
RegConnectRegistryW
MakeAbsoluteSD
AllocateAndInitializeSid

kernel32

ExitProcess
_lread
IsDBCSLeadByteEx
DuplicateHandle
RaiseException
CopyFileExW
GetOEMCP
GetDiskFreeSpaceExA
SetProcessAffinityMask
SetErrorMode
RemoveDirectoryA
FindFirstFileA
GetCurrentDirectoryW
GetFileAttributesA
GlobalDeleteAtom
GlobalFlags
FindResourceExA
QueryDosDeviceW
GlobalFindAtomW
InitializeCriticalSection
ReadConsoleA
GetCommModemStatus
lstrcmpA
GlobalReAlloc
ReadDirectoryChangesW
GlobalFindAtomA
EnumCalendarInfoW
CreateEventA
LocalFileTimeToFileTime
GetLocaleInfoW
GetPrivateProfileStringA
SetMailslotInfo
QueryDosDeviceA
VirtualQuery
GenerateConsoleCtrlEvent
WritePrivateProfileSectionW
IsBadStringPtrA
AllocConsole
SetEnvironmentVariableA
GetSystemTimeAsFileTime
FreeLibraryAndExitThread
CloseHandle
_lclose
WaitNamedPipeA
GlobalFree
DeleteCriticalSection
GlobalUnlock
EnumResourceNamesW
SetTimeZoneInformation
VirtualUnlock
_llseek
SetConsoleTitleA
GetFileType
GetACP
MoveFileW
EnumCalendarInfoA
EnumResourceLanguagesW
WriteProcessMemory
DeleteFiber

oleaut32

SafeArrayRedim
SysStringLen
VariantCopy
SysFreeString
VariantChangeType
SafeArrayPutElement
SafeArrayCreate
SetErrorInfo
SysAllocStringLen
LoadTypeLibEx

user32

DrawFocusRect
RegisterWindowMessageW
GetDoubleClickTime
GetMenuItemInfoW
OemToCharA
SendMessageA
SetClassLongA
LoadStringA
LoadCursorFromFileW
DefDlgProcW
SetClassLongW
GetWindowTextA
CopyImage
BeginDeferWindowPos
NotifyWinEvent
GetWindowLongW
WindowFromPoint
GetMessageA
MessageBoxA
DefDlgProcA
SetWindowPlacement
EnableMenuItem
GetWindowDC
MessageBoxW
DragDetect
DrawStateW
SetMenu
CreateDialogParamA

ole32

OleInitialize
CoTaskMemRealloc
PropVariantCopy
CoGetInterfaceAndReleaseStream
StgOpenStorage
CreateStreamOnHGlobal

Sections

.text
Size: 7KB - Virtual size: 223KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 263KB - Virtual size: 262KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 16KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

2794914636587f3d1a4ee178b2e747f2

Headers

File Characteristics

Imports

advapi32

kernel32

oleaut32

user32

ole32

Sections

.text Size: 7KB - Virtual size: 223KB

.rdata Size: 3KB - Virtual size: 2KB

.data Size: 263KB - Virtual size: 262KB

.rsrc Size: 16KB - Virtual size: 16KB

.text
Size: 7KB - Virtual size: 223KB

.rdata
Size: 3KB - Virtual size: 2KB

.data
Size: 263KB - Virtual size: 262KB

.rsrc
Size: 16KB - Virtual size: 16KB