2c852228d6ce80254aa40cf86ef5e39e_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

2c852228d6ce80254aa40cf86ef5e39e_JaffaCakes118
Size

266KB
MD5

2c852228d6ce80254aa40cf86ef5e39e
SHA1

70b7e637a61c529be5a10270477e8843252e7fa7
SHA256

7a5e0ec0ecaffef4a74c016fbdbdb7c334dc436b95282120a5734943c4875ed2
SHA512

4c215983d580e2f190e219635732ec3a9317d2d8cc2cee3013679588805022475b2701b2484a7b1254d7892402605de8264394c1841192ced9f27657c3175079
SSDEEP

6144:GEHCLobHHDVVCGWavB6MGc8KnTn4+GA+yw19863T:GECLobHHTvWhMWQ9G

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2c852228d6ce80254aa40cf86ef5e39e_JaffaCakes118

Files

2c852228d6ce80254aa40cf86ef5e39e_JaffaCakes118
.exe windows:4 windows x86 arch:x86

c06d5763dcb1daf00ca749bfb7c125be

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

advapi32

AdjustTokenPrivileges
DeleteService
EqualSid
GetSecurityDescriptorControl
InitializeSecurityDescriptor
OpenSCManagerA
OpenServiceA
RegCreateKeyExA
RegDeleteValueA
RegEnumKeyExA
RegQueryInfoKeyA

kernel32

CreateFileA
CreateMutexA
DeleteCriticalSection
EnterCriticalSection
ExitProcess
FindClose
FindNextFileA
FindResourceA
GetConsoleOutputCP
GetCurrentDirectoryA
GetCurrentProcessId
GetCurrentThreadId
GetDateFormatA
GetDriveTypeA
GetFileAttributesA
GetFileTime
GetOEMCP
GetPrivateProfileSectionA
GetProcAddress
GetProcessHeap
GetStringTypeA
GetSystemInfo
GetSystemTime
GetTempPathA
GetTimeFormatA
GetWindowsDirectoryA
GlobalFree
GlobalHandle
GlobalUnlock
HeapCreate
HeapFree
InitializeCriticalSection
InterlockedCompareExchange
InterlockedDecrement
InterlockedIncrement
IsBadReadPtr
IsBadWritePtr
LocalFree
MapViewOfFile
Module32First
Module32Next
QueryPerformanceCounter
ResumeThread
SetErrorMode
SetFilePointer
SetFileTime
SetLastError
SystemTimeToFileTime
UnhandledExceptionFilter
UnmapViewOfFile
lstrcatA
lstrcpyA

user32

CharNextA
DispatchMessageA
GetMessageA
MessageBoxA
UnregisterClassA

version

GetFileVersionInfoA
GetFileVersionInfoSizeA
VerFindFileA
VerInstallFileA
VerLanguageNameA
VerQueryValueA
VerQueryValueIndexA

Sections

.text
Size: 186KB - Virtual size: 188KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.DATA
Size: 67KB - Virtual size: 2.7MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 6KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 2KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 2KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

c06d5763dcb1daf00ca749bfb7c125be

Headers

File Characteristics

Imports

advapi32

kernel32

user32

version

Sections

.text Size: 186KB - Virtual size: 188KB

.rdata Size: 512B - Virtual size: 4KB

.DATA Size: 67KB - Virtual size: 2.7MB

.data Size: 6KB - Virtual size: 8KB

.idata Size: 2KB - Virtual size: 4KB

.rsrc Size: 2KB - Virtual size: 4KB

.text
Size: 186KB - Virtual size: 188KB

.rdata
Size: 512B - Virtual size: 4KB

.DATA
Size: 67KB - Virtual size: 2.7MB

.data
Size: 6KB - Virtual size: 8KB

.idata
Size: 2KB - Virtual size: 4KB

.rsrc
Size: 2KB - Virtual size: 4KB