229945d35166270d3cbee4d4d94a6909_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

229945d35166270d3cbee4d4d94a6909_JaffaCakes118
Size

156KB
MD5

229945d35166270d3cbee4d4d94a6909
SHA1

839503e8334e6a9b8bd29aa8ff8fe75bd023033e
SHA256

51a24ad2c25b0ae358f651c8d01332aec5f9afdfc939c8eb30d6004aef161aef
SHA512

64878b1a4cea94d93c471fc91eaaa5fe3b165436cae84208379406c0e84de459698e703fa11634b909e3f959403cb4bd86a39a85ddf77812c5b2642fc2335775
SSDEEP

3072:PJQ/7t0BVG25MFzEiC6o4tTCp2G297kxxF:qTa6LBEryteD25kxH

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
229945d35166270d3cbee4d4d94a6909_JaffaCakes118

Files

229945d35166270d3cbee4d4d94a6909_JaffaCakes118
.exe windows:4 windows x86 arch:x86

76b2a977c8e97415ab7fae8b33b8528c

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

s:\Dev\APOs\AEFilters\AEFiltersSrv\Release-ADI\AEADISrv.pdb

Imports

advapi32

RegOpenKeyExA
RegCreateKeyExA
RegSetValueExA
OpenSCManagerA
OpenServiceA
CloseServiceHandle
StartServiceA
RegEnumKeyExA
RegOpenKeyA
RegQueryValueExA
RegCloseKey
StartServiceCtrlDispatcherA
RegisterServiceCtrlHandlerA
SetServiceStatus
RegisterEventSourceA
ReportEventA
DeregisterEventSource
CreateServiceA
ControlService
QueryServiceStatus
DeleteService
InitializeSecurityDescriptor
ConvertStringSecurityDescriptorToSecurityDescriptorA

kernel32

CloseHandle
Sleep
WriteFile
CreateFileA
GetLastError
WaitForMultipleObjects
GetLocalTime
GetDateFormatA
GetTimeFormatA
SetFilePointer
GetModuleHandleA
GetModuleFileNameA
lstrlenA
CreateEventA
SetEvent
WaitForSingleObject
lstrlenW
SetConsoleCtrlHandler
FormatMessageA
LocalFree
CreateNamedPipeA
ResetEvent
ConnectNamedPipe
ReadFile
GetOverlappedResult
DisconnectNamedPipe
FlushFileBuffers
WriteConsoleW
GetProcAddress
ExitProcess
HeapAlloc
HeapFree
GetCommandLineA
GetVersionExA
GetProcessHeap
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
GetCPInfo
InterlockedIncrement
InterlockedDecrement
GetACP
GetOEMCP
IsValidCodePage
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
SetLastError
GetCurrentThreadId
EnterCriticalSection
LeaveCriticalSection
GetStdHandle
DeleteCriticalSection
LoadLibraryA
InitializeCriticalSection
VirtualFree
VirtualAlloc
HeapReAlloc
HeapDestroy
HeapCreate
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStringsW
SetHandleCount
GetFileType
GetStartupInfoA
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime
GetConsoleCP
GetConsoleMode
LCMapStringA
MultiByteToWideChar
LCMapStringW
GetStringTypeA
GetStringTypeW
GetLocaleInfoA
RtlUnwind
HeapSize
SetStdHandle
WriteConsoleA
GetConsoleOutputCP
RaiseException

ole32

PropVariantClear
CoCreateInstance
CoUninitialize
CoInitialize

Sections

.text
Size: 52KB - Virtual size: 50KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 16KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 8KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 76KB - Virtual size: 76KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

76b2a977c8e97415ab7fae8b33b8528c

Headers

File Characteristics

PDB Paths

Imports

advapi32

kernel32

ole32

Sections

.text Size: 52KB - Virtual size: 50KB

.rdata Size: 16KB - Virtual size: 13KB

.data Size: 8KB - Virtual size: 11KB

.rsrc Size: 76KB - Virtual size: 76KB

.text
Size: 52KB - Virtual size: 50KB

.rdata
Size: 16KB - Virtual size: 13KB

.data
Size: 8KB - Virtual size: 11KB

.rsrc
Size: 76KB - Virtual size: 76KB