236f1c50a0805e876163abc8cec1d4c3_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

236f1c50a0805e876163abc8cec1d4c3_JaffaCakes118
Size

62KB
MD5

236f1c50a0805e876163abc8cec1d4c3
SHA1

73697e445ea03c8dbc9885e35e636fa541c5054e
SHA256

1b84fc66340e29b6e2c2b83f69ec938e957059bc0d5688e70689d07c40bd7e12
SHA512

ac993cd5da247a6d80a00a7cab0fb50735010f781de4017aad253b6de0aebd94b758c5d5615ee7e85859f5bb3e8abbcce9a09b2ce3b4183bf47bf95e5234e8e2
SSDEEP

1536:glRGrG870JD833jChtKfPuWD9Ek9OtDngR:YRGfSM/pD9EkK

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
236f1c50a0805e876163abc8cec1d4c3_JaffaCakes118

Files

236f1c50a0805e876163abc8cec1d4c3_JaffaCakes118
.exe windows:4 windows x86 arch:x86

a3a284444bb74b0b8101bf5211d08799

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

advapi32

AdjustTokenPrivileges
CloseServiceHandle
ControlService
GetSecurityDescriptorControl
InitializeSecurityDescriptor
RegCloseKey
RegDeleteKeyA
RegDeleteValueA
RegisterServiceCtrlHandlerA
StartServiceCtrlDispatcherA

kernel32

CloseHandle
CreateEventA
CreateFileA
CreateProcessA
CreateToolhelp32Snapshot
DeleteCriticalSection
DeviceIoControl
DuplicateHandle
EnterCriticalSection
ExitProcess
FindClose
FindFirstFileA
FormatMessageA
FreeLibrary
GetCPInfo
GetConsoleCP
GetCurrentProcess
GetCurrentThreadId
GetEnvironmentStringsA
GetEnvironmentVariableA
GetLastError
GetLocalTime
GetLocaleInfoA
GetModuleFileNameA
GetModuleHandleA
GetProcessHeap
GetShortPathNameA
GetStdHandle
GetSystemDirectoryA
GetSystemTime
GetSystemTimeAsFileTime
GetThreadLocale
GetThreadTimes
GetTimeZoneInformation
GetVersionExA
GetWindowsDirectoryA
GlobalFree
GlobalReAlloc
HeapAlloc
HeapCreate
HeapDestroy
HeapReAlloc
HeapSize
InitializeCriticalSection
InterlockedExchange
IsBadCodePtr
IsValidLocale
LeaveCriticalSection
LoadLibraryExA
MoveFileExA
OpenProcess
QueryPerformanceCounter
RaiseException
ReadFile
ReadProcessMemory
RemoveDirectoryA
ResumeThread
SearchPathA
SetEndOfFile
SetEvent
SetFilePointer
SetPriorityClass
SetThreadPriority
SizeofResource
Sleep
SuspendThread
SystemTimeToFileTime
TerminateProcess
TlsFree
TlsGetValue
UnhandledExceptionFilter
VirtualFree
VirtualQuery
WaitForSingleObject
WriteFile
WritePrivateProfileStringA
lstrcmpA
lstrcpyA
lstrlenA

user32

CharNextA
CreateDialogParamA
CreatePopupMenu
DefWindowProcA
DestroyMenu
DispatchMessageA
DrawTextA
EnableMenuItem
GetDesktopWindow
GetKeyState
GetMessagePos
GetWindowPlacement
IsRectEmpty
IsWindow
MessageBoxA
MsgWaitForMultipleObjects
RegisterClassA
RegisterClipboardFormatA
RegisterWindowMessageA
SendMessageA
SetDlgItemTextA
SetWindowTextA
ShowWindow
SystemParametersInfoA
TranslateMessage
WinHelpA

version

GetFileVersionInfoA
GetFileVersionInfoSizeA
VerQueryValueA

Sections

.text
Size: 27KB - Virtual size: 28KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.INIT
Size: 13KB - Virtual size: 24KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.idata
Size: 3KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.edata
Size: 15KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

a3a284444bb74b0b8101bf5211d08799

Headers

File Characteristics

Imports

advapi32

kernel32

user32

version

Sections

.text Size: 27KB - Virtual size: 28KB

.INIT Size: 13KB - Virtual size: 24KB

.data Size: 512B - Virtual size: 4KB

.rdata Size: 512B - Virtual size: 4KB

.idata Size: 3KB - Virtual size: 4KB

.edata Size: 15KB - Virtual size: 16KB

.text
Size: 27KB - Virtual size: 28KB

.INIT
Size: 13KB - Virtual size: 24KB

.data
Size: 512B - Virtual size: 4KB

.rdata
Size: 512B - Virtual size: 4KB

.idata
Size: 3KB - Virtual size: 4KB

.edata
Size: 15KB - Virtual size: 16KB