289a94ddd2be932831c5e4667ba877c6_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

289a94ddd2be932831c5e4667ba877c6_JaffaCakes118
Size

58KB
MD5

289a94ddd2be932831c5e4667ba877c6
SHA1

7da86982c94455276f55f2b67fff1761a6d6aed3
SHA256

6062f1e3a60ebe1bc0a68d103610c7dd170334ac15dba5f74a8fe6e08da1702a
SHA512

592705458cd90d246cab8a8c7121c3129ed6aabe8430c868efe0dc4bf2561617bc5edf8a8308818c08c5d377be0edd25d545090938aa629751884842008a2da6
SSDEEP

768:o1az1GiMYD45MyuPacvd+uN9J9rnTbEfnh0Rv1YwzxtOTX:+dYc5SacFtJ9rnTQnhOOwFtO

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
289a94ddd2be932831c5e4667ba877c6_JaffaCakes118

Files

289a94ddd2be932831c5e4667ba877c6_JaffaCakes118
.exe windows:4 windows x86 arch:x86

1b372956ca7669ac3b1a8f6ed32ea856

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetProcessHeap
SetProcessPriorityBoost
SetThreadPriority
GetCurrentThread
SetPriorityClass
GetCurrentProcess
lstrcpyW
GetEnvironmentVariableW
GetShortPathNameW
GetModuleFileNameW
HeapAlloc
SizeofResource
LockResource
LoadResource
FindResourceW
GetModuleHandleW
lstrlenW
GetFileAttributesW
GetSystemDirectoryW
ExitProcess
GetModuleHandleA
HeapReAlloc
Sleep
HeapFree
GetWindowsDirectoryW
lstrcatW
GetFileSize
GetFileTime
SetFileTime
CreateFileW
DeleteFileW
GetLastError
WriteFile
GetTickCount
GetStartupInfoW
SetFilePointer
FreeResource
CloseHandle

user32

ShowWindow
CreateWindowExW
wsprintfW
KillTimer
DefWindowProcW
EndPaint
BeginPaint
SetTimer
MoveWindow
GetSystemMetrics
SetWindowLongW
PostQuitMessage
RegisterClassExW
LoadIconW
TranslateMessage
DispatchMessageW
GetMessageW
UpdateWindow
LoadCursorW

advapi32

CloseServiceHandle
StartServiceW
QueryServiceStatus
ChangeServiceConfigW
QueryServiceConfigW
OpenServiceA
OpenSCManagerW
RegSetValueExW
RegOpenKeyW
RegCloseKey
RegCreateKeyW
ChangeServiceConfig2W
OpenServiceW
CreateServiceW
ControlService

shell32

SHGetFolderPathW
ShellExecuteExW
SHChangeNotify

msvcr71

_except_handler3
_onexit
__dllonexit
__set_app_type
__p__fmode
__p__commode
_adjust_fdiv
__setusermatherr
_initterm
__wgetmainargs
_amsg_exit
_wcmdln
exit
_cexit
_XcptFilter
_exit
_c_exit
_wfopen
fseek
fwrite
fclose
??3@YAXPAX@Z
??2@YAPAXI@Z
_controlfp

Sections

.text
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 924B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 28KB - Virtual size: 28KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.vmp0
Size: 18KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 1024B - Virtual size: 528B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

1b372956ca7669ac3b1a8f6ed32ea856

Headers

File Characteristics

Imports

kernel32

user32

advapi32

shell32

msvcr71

Sections

.text Size: 5KB - Virtual size: 5KB

.rdata Size: 3KB - Virtual size: 3KB

.data Size: 512B - Virtual size: 924B

.rsrc Size: 28KB - Virtual size: 28KB

.vmp0 Size: 18KB - Virtual size: 17KB

.reloc Size: 1024B - Virtual size: 528B

.text
Size: 5KB - Virtual size: 5KB

.rdata
Size: 3KB - Virtual size: 3KB

.data
Size: 512B - Virtual size: 924B

.rsrc
Size: 28KB - Virtual size: 28KB

.vmp0
Size: 18KB - Virtual size: 17KB

.reloc
Size: 1024B - Virtual size: 528B