Static task: static1
Behavioral task: behavioral1
Sample: 33214fa37a35874d12c588117c205466_JaffaCakes118.exe
Resource: win7-20240704-en
Behavioral task: behavioral2
Sample: 33214fa37a35874d12c588117c205466_JaffaCakes118.exe
Resource: win10v2004-20240709-en
General
Target: 33214fa37a35874d12c588117c205466_JaffaCakes118
Size: 89KB
MD5: 33214fa37a35874d12c588117c205466
SHA1: 774657605017ef27c06e0e094e13ea9fa2387f3e
SHA256: 4e76d38242e53e2d127816c253afa1c5cc13b7a2912aa44eeb0c020a9eee763b
SHA512: a2cffaa1eaf98345e989128bd151071f0b28c9dd4152484013c6a2a649ca135b17958e687736f8af79a9dcb42442d260d704d389b7fbc741710854246f7113cb
SSDEEP: 1536:aKKycX2+/5mWu4MIa6q4os07XFjCE2Wyvj1QXvcc+1fnZcILhLM4iwPCBdZ5Q:/BX+/5mWu4MIaAos0zFjlshQXvj+tnZT
Malware Config
Signatures
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource 33214fa37a35874d12c588117c205466_JaffaCakes118
Files
33214fa37a35874d12c588117c205466_JaffaCakes118.exe windows:4 windows x86 arch:x86
a24531c02a5909aaef410c133c424127
Headers
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
Imports
kernel32
GetWindowsDirectoryA
WinExec
TerminateThread
CreateThread
lstrcmpA
ReadFile
GetFileAttributesA
GetModuleFileNameA
SetUnhandledExceptionFilter
ReleaseMutex
CreateMutexA
GetCommandLineA
Sleep
SetLastError
GetTempPathA
GetTickCount
FindResourceA
LoadResource
CreateFileA
SizeofResource
WriteFile
FreeResource
MoveFileA
GetModuleHandleA
DeleteFileA
GetSystemDirectoryA
ExitProcess
WideCharToMultiByte
MultiByteToWideChar
OpenProcess
lstrlenA
VirtualAllocEx
WriteProcessMemory
CreateRemoteThread
GetCurrentProcess
CloseHandle
CreateToolhelp32Snapshot
lstrcpyA
Process32First
Process32Next
lstrcmpiA
lstrcatA
GetLastError
GetProcessHeap
HeapAlloc
HeapFree
LoadLibraryA
GetProcAddress
FreeLibrary
SetFilePointer
user32
MessageBoxA
GetInputState
wsprintfA
GetForegroundWindow
advapi32
GetLengthSid
OpenServiceA
QueryServiceStatus
ControlService
GetUserNameA
OpenSCManagerA
CloseServiceHandle
OpenProcessToken
LookupPrivilegeValueA
AdjustTokenPrivileges
RegDeleteValueA
RegDeleteKeyA
RegCreateKeyExA
RegSetValueExA
RegQueryValueExA
RegOpenKeyExA
AllocateAndInitializeSid
RegSetKeySecurity
RegCloseKey
FreeSid
GetFileSecurityA
InitializeSecurityDescriptor
GetSecurityDescriptorDacl
GetAclInformation
InitializeAcl
GetAce
EqualSid
AddAccessAllowedAce
SetSecurityDescriptorDacl
SetFileSecurityA
ChangeServiceConfigA
RegCreateKeyA
CreateServiceA
GetServiceDisplayNameA
StartServiceA
ole32
CoTaskMemAlloc
CoTaskMemFree
msvcrt
??1type_info@@UAE@XZ
strstr
strrchr
??3@YAXPAX@Z
memcpy
strcmp
__CxxFrameHandler
_except_handler3
realloc
malloc
strlen
strchr
_strcmpi
memset
??2@YAPAXI@Z
ws2_32
closesocket
socket
netapi32
NetApiBufferFree
NetUserGetLocalGroups
Sections
.text Size: 8KB - Virtual size: 7KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 3KB - Virtual size: 3KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 1KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 75KB - Virtual size: 74KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ