282837901f2fafa53cb3cf663c75eecb_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

282837901f2fafa53cb3cf663c75eecb_JaffaCakes118
Size

84KB
MD5

282837901f2fafa53cb3cf663c75eecb
SHA1

1eb9b77e1126f5ef5ba6f90cf86a8e7b055d4045
SHA256

865515aa831cd1231b2fa4f103c29e8e6eeb4e97cb42c29e1329f3e7801a3592
SHA512

63baaf5687ae23cd10b2a1e684db9bd188ca1995b0724342ce19562558a439abcd3dcd58daad982f0e16aef7fd5dbecac656d84ceafa202e408fb32ba19b9e01
SSDEEP

1536:NlmqEkrosVFU9zambDbRbGuL9xhr2+rhL4PIW2N:vmqNrogUsmbDbRbGubhr2ihUAnN

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
282837901f2fafa53cb3cf663c75eecb_JaffaCakes118

Files

282837901f2fafa53cb3cf663c75eecb_JaffaCakes118
.exe windows:4 windows x86 arch:x86

2dc9edd4cbd0426caa14ca799a015ae2

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

msvcrt

_controlfp
_except_handler3
__set_app_type
__p__fmode
__p__commode
_adjust_fdiv
__setusermatherr
_initterm
__getmainargs
_acmdln
exit
_XcptFilter
_exit
rand
wcslen
_wcsicmp
memcpy
strcat
strlen
memset
strstr
strcpy
sprintf
strcmp

kernel32

GetStartupInfoA
LoadLibraryA
lstrcmpiA
FreeLibrary
VirtualAllocEx
CreateRemoteThread
LocalAlloc
GetVolumeInformationA
GetVersionExA
CopyFileA
lstrlenA
WinExec
GetLocalTime
GetProcAddress
GetModuleHandleA
MultiByteToWideChar
GetSystemDirectoryA
GetFileSize
Process32Next
Process32First
CreateToolhelp32Snapshot
Sleep
ResumeThread
CreateProcessA
SetThreadPriority
GetCurrentThread
SetPriorityClass
GetCurrentProcess
lstrcatA
lstrcpyA
GetEnvironmentVariableA
GetShortPathNameA
GetModuleFileNameA
CloseHandle
WriteFile
CreateFileA
GetLastError
CreateThread
OpenProcess
CreateFileMappingA
VirtualProtectEx
VirtualQueryEx
UnmapViewOfFile
ReadProcessMemory
MapViewOfFile
WriteProcessMemory
VirtualProtect

user32

CharUpperA

advapi32

RegisterServiceCtrlHandlerA
SetServiceStatus
QueryServiceConfigA
ChangeServiceConfigA
StartServiceA
OpenServiceA
OpenSCManagerA
CreateServiceA
CloseServiceHandle
StartServiceCtrlDispatcherA
AdjustTokenPrivileges
LookupPrivilegeValueA
OpenProcessToken
RegCloseKey
RegSetValueExA
RegCreateKeyExA

shell32

ShellExecuteA

netapi32

NetScheduleJobAdd

Sections

.text
Size: - Virtual size: 6KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 62KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 320B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.bad0
Size: - Virtual size: 12KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE

.bad1
Size: 72KB - Virtual size: 69KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 4KB - Virtual size: 56B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

2dc9edd4cbd0426caa14ca799a015ae2

Headers

File Characteristics

Imports

msvcrt

kernel32

user32

advapi32

shell32

netapi32

Sections

.text Size: - Virtual size: 6KB

.rdata Size: - Virtual size: 2KB

.data Size: - Virtual size: 62KB

.rsrc Size: 4KB - Virtual size: 320B

.bad0 Size: - Virtual size: 12KB

.bad1 Size: 72KB - Virtual size: 69KB

.reloc Size: 4KB - Virtual size: 56B

.text
Size: - Virtual size: 6KB

.rdata
Size: - Virtual size: 2KB

.data
Size: - Virtual size: 62KB

.rsrc
Size: 4KB - Virtual size: 320B

.bad0
Size: - Virtual size: 12KB

.bad1
Size: 72KB - Virtual size: 69KB

.reloc
Size: 4KB - Virtual size: 56B