252f826d004ae260f06288c55e16412b_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

252f826d004ae260f06288c55e16412b_JaffaCakes118
Size

79KB
MD5

252f826d004ae260f06288c55e16412b
SHA1

cd3637d75d602e8943d82eea8bb0acabbdb73573
SHA256

4f91ec21d771982cec6bcadad47c1d97f2cad4c5881ea7c8aa34b16a61f29b0f
SHA512

07f4ee1a9056a50ebb4963dde02f8b1f42ce0cb16dc328bd990a98288f6aff8ead7614f4d30ba334cbbf6bd3c50705069f409b551620e17edfa49e1af57914c8
SSDEEP

1536:PAoDNEJeKAYfXrhNLPg10iRvwfVcafh6G0P0Ra+8QSW1U:vDNEJe67hdg10ilwfVcafh6R0Ra+8OS

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
252f826d004ae260f06288c55e16412b_JaffaCakes118

Files

252f826d004ae260f06288c55e16412b_JaffaCakes118
.exe windows:4 windows x86 arch:x86

1630d655563ffd9d2cdaa667643e3218

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

user32

FindWindowA
SendMessageA

advapi32

ChangeServiceConfig2A
RegOpenKeyA
RegQueryValueExA
RegCloseKey
RegSetValueExA
RegCreateKeyExA
SetServiceStatus
StartServiceA
CloseServiceHandle
ChangeServiceConfigA
OpenServiceA
OpenSCManagerA
RegisterServiceCtrlHandlerA
StartServiceCtrlDispatcherA
AdjustTokenPrivileges
LookupPrivilegeValueA
OpenProcessToken

msvcrt

_controlfp
_except_handler3
__set_app_type
__p__fmode
__p__commode
_adjust_fdiv
_tell
_initterm
_acmdln
exit
_XcptFilter
_exit
atoi
_open
_write
_close
_lseek
_eof
_read
__CxxFrameHandler
??2@YAPAXI@Z
??3@YAXPAX@Z
free
malloc
fopen
fwrite
fclose
memcpy
localtime
strftime
time
srand
rand
strncpy
strchr
strcmp
sprintf
memset
sscanf
strcpy
strlen
strcat
_stricmp
__getmainargs
__setusermatherr

kernel32

DuplicateHandle
GetStartupInfoA
OpenEventA
GetCurrentProcessId
CreateToolhelp32Snapshot
Process32First
Process32Next
GetModuleHandleA
HeapAlloc
VirtualAllocEx
ReadProcessMemory
OpenProcess
lstrcmpiA
GetCurrentProcess
GetVersion
CreateFileA
CloseHandle
GetModuleFileNameA
VirtualProtect
DeleteFileA
_lcreat
_lwrite
_lclose
GetProcessHeap
HeapFree
BeginUpdateResourceA
FindResourceA
LoadResource
LockResource
SizeofResource
UpdateResourceA
EndUpdateResourceA
SetFileAttributesA
CopyFileA
CreateProcessA
WinExec
SetFileTime
Sleep
GetLastError
FreeLibrary
LoadLibraryA
GetProcAddress
CreateEventA
WaitForSingleObject
GetWindowsDirectoryA
SetCurrentDirectoryA

Sections

.text
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 64KB - Virtual size: 64KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

1630d655563ffd9d2cdaa667643e3218

Headers

File Characteristics

Imports

user32

advapi32

msvcrt

kernel32

Sections

.text Size: 8KB - Virtual size: 7KB

.rdata Size: 3KB - Virtual size: 2KB

.data Size: 1KB - Virtual size: 5KB

.rsrc Size: 64KB - Virtual size: 64KB

.text
Size: 8KB - Virtual size: 7KB

.rdata
Size: 3KB - Virtual size: 2KB

.data
Size: 1KB - Virtual size: 5KB

.rsrc
Size: 64KB - Virtual size: 64KB