345ea9bd6a492fea56903be5ac1b7b41_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

345ea9bd6a492fea56903be5ac1b7b41_JaffaCakes118
Size

151KB
MD5

345ea9bd6a492fea56903be5ac1b7b41
SHA1

ffa38284f0d6c5b7959c0e2d9d0a305abc08e324
SHA256

7ab1d97cfaf0600d2a18f1108fb8598e60a98e973b2f7f251d6188965d1cf696
SHA512

f2bdc592b793cdc2807a59b0183fb33d6cd2f15ef2967231e8fe460a1200835ae04caa017706b4686fc4ba910ae2fab25a99da189b9c0a3517247b140bf6c780
SSDEEP

3072:2xldGbOirc/waTW9jh14DZMl8XqOUNLVDDUZ59wAKazk:SzGCi4/wN9jh14DZMl8XqnBDW5rKa

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
345ea9bd6a492fea56903be5ac1b7b41_JaffaCakes118

Files

345ea9bd6a492fea56903be5ac1b7b41_JaffaCakes118
.exe windows:4 windows x86 arch:x86

1fd37253520d2d3121a058c6d3d109c8

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

advapi32

AllocateAndInitializeSid
ChangeServiceConfig2A
CloseServiceHandle
CreateServiceA
EqualSid
OpenServiceA
QueryServiceStatus
RegDeleteValueA
StartServiceCtrlDispatcherA

kernel32

CloseHandle
CompareStringA
DeleteFileA
EnterCriticalSection
ExitProcess
FindClose
FindNextFileA
FormatMessageA
GetConsoleCP
GetConsoleOutputCP
GetCurrentDirectoryA
GetCurrentProcess
GetCurrentThreadId
GetDriveTypeA
GetEnvironmentStringsA
GetFileTime
GetFileType
GetLocaleInfoA
GetPrivateProfileSectionNamesA
GetPrivateProfileStringA
GetProcessHeap
GetStdHandle
GetSystemDirectoryA
GetSystemTime
GetTempFileNameA
GetUserDefaultLCID
GetVersion
GetWindowsDirectoryA
HeapDestroy
InitializeCriticalSection
InterlockedCompareExchange
IsBadReadPtr
LCMapStringA
LoadLibraryA
LoadResource
LocalAlloc
LocalFree
MulDiv
OpenEventA
QueryPerformanceCounter
RaiseException
ReadProcessMemory
ReleaseMutex
SetCurrentDirectoryA
SetEvent
SetFilePointer
Sleep
VirtualFree
WaitForSingleObject
WideCharToMultiByte
WritePrivateProfileStringA
lstrcatA
lstrcmpiA

user32

CreateWindowExA
GetDlgItemTextA
MessageBoxA
PostMessageA

version

GetFileVersionInfoA
GetFileVersionInfoSizeA
VerFindFileA
VerInstallFileA
VerLanguageNameA
VerQueryValueA

Sections

.text
Size: 126KB - Virtual size: 128KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.DATA
Size: 11KB - Virtual size: 132KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 6KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 2KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

1fd37253520d2d3121a058c6d3d109c8

Headers

File Characteristics

Imports

advapi32

kernel32

user32

version

Sections

.text Size: 126KB - Virtual size: 128KB

.rdata Size: 512B - Virtual size: 4KB

.DATA Size: 11KB - Virtual size: 132KB

.data Size: 6KB - Virtual size: 8KB

.idata Size: 2KB - Virtual size: 4KB

.rsrc Size: 3KB - Virtual size: 2KB

.text
Size: 126KB - Virtual size: 128KB

.rdata
Size: 512B - Virtual size: 4KB

.DATA
Size: 11KB - Virtual size: 132KB

.data
Size: 6KB - Virtual size: 8KB

.idata
Size: 2KB - Virtual size: 4KB

.rsrc
Size: 3KB - Virtual size: 2KB