2903237d62c770c56b4cf18b917c77ba_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

2903237d62c770c56b4cf18b917c77ba_JaffaCakes118
Size

324KB
MD5

2903237d62c770c56b4cf18b917c77ba
SHA1

439b59703eb3b832f9073ed443c9a70bdf39e9e4
SHA256

3dfdf915ce1af73b071ddc9e6f99be9583dc9899a6164619d9821d2c86e09466
SHA512

e7593ab5af12f388f5303bdfca2bd8a764b0e3060f1751629b9bbc8aadd7c365b32c0e5ce8e6a147b691256767bd098c7364e39eb421543d19d28f916e640574
SSDEEP

6144:HyDu3rTmE3+NEc2aIS5yS/ZtYPjSVpzXDCHl8jdfyNB+AWCBh9j:Hy6fvXaIS1ta6zXmHwmP

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2903237d62c770c56b4cf18b917c77ba_JaffaCakes118

Files

2903237d62c770c56b4cf18b917c77ba_JaffaCakes118
.exe windows:5 windows x86 arch:x86

000827f9f10d857d564d16e3e37d6270

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

advapi32

StartServiceA
RegEnumKeyA
OpenServiceA
RegSetValueExA
ChangeServiceConfigA
OpenSCManagerA
RegQueryValueExW
RegOpenKeyExA
QueryServiceStatus
RegOpenKeyW
RegQueryValueExA
CloseServiceHandle
RegCloseKey
RegOpenKeyA

tapi32

lineInitializeExW
lineClose
lineShutdown
lineOpen
lineNegotiateAPIVersion
lineGetDevCapsW
lineGetID

setupapi

SetupDiSetClassInstallParamsA
SetupDiDestroyDeviceInfoList
SetupDiCallClassInstaller
SetupDiEnumDeviceInfo
SetupCloseInfFile
SetupGetSourceInfoA
SetupDiGetDeviceInstanceIdW
SetupOpenMasterInf
SetupDiGetClassDevsW
SetupDiCreateDeviceInfoList
SetupPromptForDiskA
SetupGetSourceFileLocationA
SetupDiOpenDevRegKey

ole32

CoUninitialize
CoInitializeEx
CoCreateInstance

kernel32

DeleteFileW
GetLastError
HeapAlloc
LCMapStringA
VirtualProtect
GetShortPathNameW
GetModuleHandleA
WideCharToMultiByte
GetCPInfo
GetVersionExA
CloseHandle
lstrlenA
GetStringTypeA
GetProcAddress
MultiByteToWideChar
HeapFree
FreeLibrary
GlobalAlloc
GetStringTypeW
GetTickCount
GetTempPathW
ExitProcess
LoadLibraryA
GlobalFree
lstrcmpiW
VirtualAlloc
lstrcmpA
lstrcpyA
LoadLibraryW
GetSystemInfo
WriteFile
VirtualQuery
FormatMessageA
lstrlenW
GetTempFileNameW
LCMapStringW
CreateDirectoryW
CreateFileA
Sleep
GetProcessHeap
VirtualFree
HeapReAlloc

ntdll

NtAllocateVirtualMemory
RtlUshortByteSwap
NtCreateDebugObject

user32

wsprintfA

Sections

.text
Size: 15KB - Virtual size: 15KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 294KB - Virtual size: 294KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rdata
Size: 9KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 3KB - Virtual size: 1.4MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

000827f9f10d857d564d16e3e37d6270

Headers

DLL Characteristics

File Characteristics

Imports

advapi32

tapi32

setupapi

ole32

kernel32

ntdll

user32

Sections

.text Size: 15KB - Virtual size: 15KB

.rsrc Size: 294KB - Virtual size: 294KB

.rdata Size: 9KB - Virtual size: 9KB

.data Size: 3KB - Virtual size: 1.4MB

.tls Size: 512B - Virtual size: 4KB

.text
Size: 15KB - Virtual size: 15KB

.rsrc
Size: 294KB - Virtual size: 294KB

.rdata
Size: 9KB - Virtual size: 9KB

.data
Size: 3KB - Virtual size: 1.4MB

.tls
Size: 512B - Virtual size: 4KB