25de13c10c1fe508231a8fe0fad62243_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

25de13c10c1fe508231a8fe0fad62243_JaffaCakes118
Size

152KB
MD5

25de13c10c1fe508231a8fe0fad62243
SHA1

3d280a4a9b27eae6fe14e56f25c919fecfcad03c
SHA256

0b472127e24831aa8637882928364bb0adc8aea74e1c3df2b440d2ca309621aa
SHA512

795aa765abba4a18c17f7845b747355fc03251eb88dc0dff380dc6fd15f1028b2fc7f3ab06bbbf42c35fb71010b5e4bb384148249838de86dd5ea9f713323392
SSDEEP

3072:4vQ2xbrlQ+nu9An3tr6b8OQ5E6uO06NVl9rIxFi44Vy0wvn4o:92xb/3n3tWbrQi9O06ntV5w3

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
25de13c10c1fe508231a8fe0fad62243_JaffaCakes118

Files

25de13c10c1fe508231a8fe0fad62243_JaffaCakes118
.exe windows:4 windows x86 arch:x86

e6d70789cbae2092de97c2c8a42ec1a8

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

MultiByteToWideChar
GetCurrentProcess
Process32Next
Process32First
CreateToolhelp32Snapshot
SetFileTime
GetFileTime
CreateFileA
SetFileAttributesA
Sleep
GetSystemWindowsDirectoryA
GetModuleFileNameA
GetSystemDirectoryA
HeapAlloc
GetProcessHeap
HeapReAlloc
HeapFree
CopyFileA
WriteFile
FindClose
FindFirstFileA
GetCurrentDirectoryA
SetLastError
FormatMessageA
LocalFree
FreeResource
LockResource
LoadResource
SizeofResource
FindResourceA
GetSystemTimeAsFileTime
GetCurrentProcessId
GetCurrentThreadId
GetTickCount
GetLastError
MoveFileExA
DeleteFileA
GetProcAddress
GetVersion
FreeLibrary
OpenProcess
CreateRemoteThread
WaitForSingleObject
CloseHandle
LoadLibraryA
CreateProcessA
QueryPerformanceCounter
InterlockedExchange
GetModuleHandleA
GetStartupInfoA
GetCommandLineA
GetVersionExA
GetACP
GetOEMCP
GetCPInfo
LCMapStringA
WideCharToMultiByte
LCMapStringW
ExitProcess
TerminateProcess
GetStdHandle
UnhandledExceptionFilter
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
SetHandleCount
GetFileType
HeapDestroy
HeapCreate
VirtualFree
GetStringTypeA
GetStringTypeW
GetLocaleInfoA
VirtualProtect
VirtualAlloc
GetSystemInfo
VirtualQuery
RtlUnwind
HeapSize

user32

GetActiveWindow
MessageBoxA
wsprintfA

advapi32

QueryServiceStatus
ControlService
DeleteService
OpenSCManagerA
CreateServiceA
CloseServiceHandle
OpenServiceA
StartServiceA
OpenProcessToken
LookupPrivilegeValueA
AdjustTokenPrivileges

sfc

SfcIsFileProtected

Sections

.text
Size: 22KB - Virtual size: 22KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 7KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 1024B - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 120KB - Virtual size: 124KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

HYBRIS
Size: 50B - Virtual size: 50B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

SPLASH
Size: 50B - Virtual size: 50B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

e6d70789cbae2092de97c2c8a42ec1a8

Headers

File Characteristics

Imports

kernel32

user32

advapi32

sfc

Sections

.text Size: 22KB - Virtual size: 22KB

.rdata Size: 7KB - Virtual size: 7KB

.data Size: 1024B - Virtual size: 2KB

.rsrc Size: 120KB - Virtual size: 124KB

HYBRIS Size: 50B - Virtual size: 50B

SPLASH Size: 50B - Virtual size: 50B

.text
Size: 22KB - Virtual size: 22KB

.rdata
Size: 7KB - Virtual size: 7KB

.data
Size: 1024B - Virtual size: 2KB

.rsrc
Size: 120KB - Virtual size: 124KB

HYBRIS
Size: 50B - Virtual size: 50B

SPLASH
Size: 50B - Virtual size: 50B