315954d0e464bdf458e695d8c994d891_JaffaCakes118

General

Target

315954d0e464bdf458e695d8c994d891_JaffaCakes118
Size

32KB
MD5

315954d0e464bdf458e695d8c994d891
SHA1

205f5a0b7d15a0011f397c58d82fd4760af719f8
SHA256

2e2ce1f1d8723c1fbba5d94f09be9674f9963365deb0e31b163763803b67df3f
SHA512

52f2cedb09d8e4a7956b0b6a3ffa38599006d43c4809e6959111ce6a179f1356b180f03ac99d20ca097bcf0889b3796013376fe6b593353a1283c542939a8f8d
SSDEEP

768:NZXMpmTlVG83gNXUXFhhJLlyHPgMcNYrWdmIll:NZXMpmmu4XU1hzlDMcN+Ij

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
315954d0e464bdf458e695d8c994d891_JaffaCakes118

Files

315954d0e464bdf458e695d8c994d891_JaffaCakes118
.exe windows:4 windows x86 arch:x86

594d51e648c268763869895736fded2a

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

user32

wsprintfA

kernel32

GetModuleHandleA
GetProcAddress
GetSystemDirectoryA
GetTempPathA
GetWindowsDirectoryA
GlobalAlloc
GlobalFree
LoadLibraryExA
LoadResource
LockResource
MoveFileExA
OpenProcess
Process32First
Process32Next
GetModuleFileNameA
RtlZeroMemory
SetFilePointer
SizeofResource
Sleep
GetLocalTime
VirtualAlloc
VirtualAllocEx
WaitForSingleObject
WriteFile
lstrcatA
lstrcmpA
lstrcmpiA
lstrcpyA
lstrcpynA
lstrlenA
GetLastError
GetEnvironmentVariableA
GetCurrentProcessId
GetCurrentProcess
FreeLibrary
FindResourceA
CreateToolhelp32Snapshot
CreateRemoteThread
CreateFileA
CompareFileTime
CloseHandle
ReadFile
SystemTimeToFileTime

advapi32

RegSetValueExA
RegOpenKeyExA
RegCreateKeyA
RegCloseKey
OpenServiceA
OpenSCManagerA
OpenProcessToken
LookupPrivilegeValueA
CreateServiceA
ControlService
CloseServiceHandle
AdjustTokenPrivileges
StartServiceA
RegQueryValueExA

psapi

GetModuleFileNameExA
EnumProcessModules
EnumProcesses
GetModuleBaseNameA

shlwapi

StrStrA

Sections

.text
Size: 23KB - Virtual size: 23KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

594d51e648c268763869895736fded2a

Headers

File Characteristics

Imports

user32

kernel32

advapi32

psapi

shlwapi

Sections

.text Size: 23KB - Virtual size: 23KB

.rdata Size: 3KB - Virtual size: 2KB

.data Size: - Virtual size: 1KB

.rsrc Size: 4KB - Virtual size: 4KB

.text
Size: 23KB - Virtual size: 23KB

.rdata
Size: 3KB - Virtual size: 2KB

.data
Size: - Virtual size: 1KB

.rsrc
Size: 4KB - Virtual size: 4KB