3297c8cbb54f97ec66da27ccd8b37d3e_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

3297c8cbb54f97ec66da27ccd8b37d3e_JaffaCakes118
Size

449KB
MD5

3297c8cbb54f97ec66da27ccd8b37d3e
SHA1

30a3e282a1c5fcff1af09972cb1dcad21e82c935
SHA256

ea0f6624685a26e910d6df0b6785cdd9a3c17ebf8fc2b48b41eea6f145cfd3b9
SHA512

4ad50b9c5d80ffaa9717cb6ba6e2e27573dc99bd47c2b1f3b7d9873b9b41460e94093c46175535c37c296eac71de0ad07def8b70d9db178f6a2e02437cc55fda
SSDEEP

12288:vD5Yd9TMoxBclE4PmbDE1T42+G0uHL5BCJhRe0k:vDA5MlDO2T9+GBHNBCJre0

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
3297c8cbb54f97ec66da27ccd8b37d3e_JaffaCakes118

Files

3297c8cbb54f97ec66da27ccd8b37d3e_JaffaCakes118
.exe windows:4 windows x86 arch:x86

a067e94e3da209d61b65433351653269

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

advapi32

RegSetValueExW
RegQueryValueExW
EqualDomainSid
GetTokenInformation
OpenProcessToken
RegDeleteKeyW
RegOpenKeyExA
RegDeleteValueW
RegOpenKeyExW
GetLengthSid
ConvertSidToStringSidW
RegCloseKey
RegCreateKeyExW
RegQueryInfoKeyW
QueryServiceStatus
RegQueryValueExA
RegEnumKeyExW
RegEnumKeyW
CreateWellKnownSid
IsWellKnownSid
RegEnumValueW

msvcrt

memmove
free
wcslen
_wcsnicmp
wcsncmp
wcsncpy
_except_handler3
_adjust_fdiv
malloc
wcscat
_initterm
wcscpy

ntdll

RtlDeleteCriticalSection
NtAllocateVirtualMemory
RtlSubAuthorityCountSid
RtlLengthSecurityDescriptor
RtlInitUnicodeString
NtCreateSemaphore
RtlLengthSid
RtlInitString
NtAllocateLocallyUniqueId
NtClose
RtlLeaveCriticalSection
RtlFreeUnicodeString
RtlCopySid
NtQueryInformationToken
RtlNtStatusToDosError
RtlInitializeCriticalSection
RtlCopyLuid
NtQueryValueKey
RtlEnterCriticalSection
RtlConvertSidToUnicodeString
RtlGetNtProductType
RtlValidSid
RtlEqualSid
RtlMakeSelfRelativeSD
DbgPrint

rpcrt4

RpcBindingFromStringBindingW
I_RpcMapWin32Status
I_RpcExceptionFilter
NdrClientCall2
RpcBindingFree
RpcSsDestroyClientContext
RpcStringFreeW
RpcStringBindingComposeW

kernel32

InterlockedCompareExchange
WaitForSingleObject
GetSystemInfo
FreeLibrary
ResetEvent
LocalFree
DelayLoadFailureHook
TerminateProcess
CloseHandle
SetThreadPriority
LoadLibraryA
GetTickCount
GetComputerNameW
InterlockedDecrement
QueryPerformanceCounter
SetLastError
GetComputerNameExW
CreateEventW
Beep
GetSystemTimeAsFileTime
VirtualFree
GetCurrentProcess
GetCurrentProcessId
GetCurrentThread
GetProcAddress
UnhandledExceptionFilter
InterlockedIncrement
SetEvent
GetCurrentThreadId
SetUnhandledExceptionFilter
GetLastError
VirtualAlloc
CreateThread

Sections

.text
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 9KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 426KB - Virtual size: 425KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 28B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 928KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

a067e94e3da209d61b65433351653269

Headers

File Characteristics

Imports

advapi32

msvcrt

ntdll

rpcrt4

kernel32

Sections

.text Size: 8KB - Virtual size: 8KB

.rdata Size: 9KB - Virtual size: 8KB

.rsrc Size: 426KB - Virtual size: 425KB

.reloc Size: 512B - Virtual size: 28B

.data Size: 4KB - Virtual size: 928KB

.text
Size: 8KB - Virtual size: 8KB

.rdata
Size: 9KB - Virtual size: 8KB

.rsrc
Size: 426KB - Virtual size: 425KB

.reloc
Size: 512B - Virtual size: 28B

.data
Size: 4KB - Virtual size: 928KB