223e0e1608b4ebfbc4e4be9e0774a320_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

223e0e1608b4ebfbc4e4be9e0774a320_JaffaCakes118
Size

290KB
MD5

223e0e1608b4ebfbc4e4be9e0774a320
SHA1

702e2102be98acec237d5712342602f76c1ce810
SHA256

213eb765c5eb70b88767e32aa71229249cacb797f77438a0b202c6811ab7049c
SHA512

d0ca3ed4b7a1fc8f7f7ecb4c7d9b72b8445b69c0c15ee1eaaa1872b822c223502cb3542558b8430ee081cf63655197ff475d05c97fc269068c80c67e00e3f65b
SSDEEP

6144:K71/Yk+J/tvpBZ9+RCszT+uNeq2oTbDkmXCKcf7we6:Kh8J/tvpD96zT+6eqNvXCKc0e6

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
223e0e1608b4ebfbc4e4be9e0774a320_JaffaCakes118

Files

223e0e1608b4ebfbc4e4be9e0774a320_JaffaCakes118
.exe windows:4 windows x86 arch:x86

f3ae9a9b67aaac043d5708975639d10d

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

advapi32

RegQueryInfoKeyW
GetUserNameA
CryptGenRandom
SetSecurityDescriptorOwner
RegCreateKeyW
RegisterEventSourceW
SetSecurityDescriptorGroup
OpenThreadToken
RegDeleteKeyA
GetSecurityDescriptorDacl
LsaQueryInformationPolicy
SetEntriesInAclW
RegNotifyChangeKeyValue
AddAce
QueryServiceConfigW
RegDeleteValueW
CryptGetHashParam
RegisterTraceGuidsW
RegDeleteKeyW
DuplicateTokenEx
ControlService
CryptAcquireContextW
GetSecurityDescriptorLength
OpenServiceW
CryptAcquireContextA
MakeSelfRelativeSD
EqualSid
LookupAccountSidW
RegCreateKeyA
GetUserNameW
GetTokenInformation
DeleteService
LsaFreeMemory
RegOpenKeyExA
GetSidLengthRequired
RegEnumValueW
RegEnumKeyW
CheckTokenMembership
UnlockServiceDatabase
RegSetValueExW
StartServiceW
OpenSCManagerA
ImpersonateLoggedOnUser
CryptCreateHash
GetTraceLoggerHandle
LookupPrivilegeValueA

kernel32

GetLastError
FlushFileBuffers
IsDebuggerPresent
CompareStringW
GetConsoleMode
GetVersion
lstrcpynW
ReleaseMutex
LoadLibraryExA
WaitForSingleObject
GetCurrentThreadId
GetEnvironmentStrings
CreateMutexA
GetExitCodeThread
ResumeThread
QueryPerformanceCounter
InterlockedIncrement
UnmapViewOfFile
FreeEnvironmentStringsW
VirtualQuery
GetSystemInfo
GetLocaleInfoA
GetCurrentProcess
GetTempPathA
OpenMutexA
GetModuleHandleW
lstrlenW
HeapFree
GetTickCount
HeapReAlloc
TlsGetValue
TerminateProcess
GetThreadLocale
GetFileSize
CreateDirectoryA
GetCommandLineW
GetStartupInfoA
GetSystemTime
DisableThreadLibraryCalls
InitializeCriticalSection
GetSystemDirectoryW
FormatMessageW
GetModuleHandleA
GetStdHandle
GetVersionExW
OpenEventW
CreateMutexW
SetErrorMode
GetCommandLineA
lstrcatA
Sleep
OpenMutexW
PurgeComm
GetFullPathNameW
GetSystemTimeAsFileTime
FindFirstFileW
GetModuleFileNameW
GetCurrentProcessId
SetLastError
VirtualAlloc
LoadResource
WideCharToMultiByte
FindResourceW
RtlUnwind
LCMapStringA
ExitProcess
GetFileAttributesA
VirtualFree
lstrcmpiA

msvcrt

_strdup
_finite
sprintf
_chsize
__setusermatherr
toupper
_rotl
wcsncmp
__pioinfo
_rotr
_tell
_local_unwind2
setlocale
fwrite
memmove
_wfopen
fopen
_cexit
_ftol
towlower
_c_exit
qsort
_adjust_fdiv
memset
__p__osver
rand
exit
??3@YAXPAX@Z
iswspace
_lock
srand
_ltoa
ceil
strncmp
_strlwr
_wcsnicmp
printf
_initterm
__p__iob
malloc
_ultow

Sections

.text
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.textbss
Size: - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

BSS
Size: - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.bss
Size: - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.bss
Size: - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

DATA
Size: - Virtual size: 220KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.textbss
Size: 275KB - Virtual size: 278KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 10KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

f3ae9a9b67aaac043d5708975639d10d

Headers

DLL Characteristics

File Characteristics

Imports

advapi32

kernel32

msvcrt

Sections

.text Size: 4KB - Virtual size: 4KB

.textbss Size: - Virtual size: 2KB

BSS Size: - Virtual size: 3KB

.bss Size: - Virtual size: 1KB

.bss Size: - Virtual size: 1KB

DATA Size: - Virtual size: 220KB

.textbss Size: 275KB - Virtual size: 278KB

.rsrc Size: 10KB - Virtual size: 10KB

.text
Size: 4KB - Virtual size: 4KB

.textbss
Size: - Virtual size: 2KB

BSS
Size: - Virtual size: 3KB

.bss
Size: - Virtual size: 1KB

.bss
Size: - Virtual size: 1KB

DATA
Size: - Virtual size: 220KB

.textbss
Size: 275KB - Virtual size: 278KB

.rsrc
Size: 10KB - Virtual size: 10KB