3647d2c838cf14ca262d3db9951ba851_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

3647d2c838cf14ca262d3db9951ba851_JaffaCakes118
Size

186KB
MD5

3647d2c838cf14ca262d3db9951ba851
SHA1

41599670b730d8639616475bc96f1e9d62081f42
SHA256

5824eaeb0a8f50c5e36c6fa75c411a074cac0b5d7d3eec4996af65e6bc827359
SHA512

8a4f407b3b07c848df4a8ec06013b2c0925ee3b7f28262e5b4cff97b94df020bb4b281924edaaef49ee4ad374f560792a23ca996569ff48fdd358331f8cc257a
SSDEEP

3072:g6/zAPjGR/f2CjaUmveMiSN7cOi9wAdzycEz+b6+fHwSH1jBdjyam7J3qbfVuPuK:g6/zAPjK32qDmGMCOejRyOb3QSHtBsai

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
3647d2c838cf14ca262d3db9951ba851_JaffaCakes118

Files

3647d2c838cf14ca262d3db9951ba851_JaffaCakes118
.exe windows:4 windows x86 arch:x86

43f5700ce6889bd5ae6789c77127a1bd

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

advapi32

AdjustTokenPrivileges
CreateServiceA
OpenProcessToken
RegDeleteValueA
RegOpenKeyExA
RegQueryInfoKeyA
RegQueryValueA
SetServiceStatus
StartServiceA
UnlockServiceDatabase

kernel32

AddAtomA
CopyFileA
CreateEventA
CreateFileA
CreateMutexA
CreateThread
DeviceIoControl
DisableThreadLibraryCalls
EnterCriticalSection
ExitProcess
FileTimeToLocalFileTime
FindClose
FormatMessageA
FreeLibrary
GetConsoleMode
GetCurrentProcess
GetCurrentThreadId
GetDateFormatA
GetEnvironmentStringsA
GetFullPathNameA
GetLastError
GetLocalTime
GetModuleFileNameA
GetModuleHandleA
GetProcAddress
GetProcessHeap
GetShortPathNameA
GetStringTypeA
GetSystemTime
GetSystemTimeAsFileTime
GetTempFileNameA
GetThreadTimes
GetTickCount
GetTimeZoneInformation
GetVersionExA
GetWindowsDirectoryA
GlobalHandle
GlobalReAlloc
HeapCreate
HeapDestroy
HeapFree
InterlockedCompareExchange
InterlockedExchange
IsBadReadPtr
IsBadWritePtr
LCMapStringA
LeaveCriticalSection
LoadLibraryA
LoadResource
LocalFree
LockResource
MapViewOfFile
Module32Next
MulDiv
MultiByteToWideChar
QueryPerformanceCounter
ReadFile
ReleaseMutex
RemoveDirectoryA
ResetEvent
SetEndOfFile
SetEvent
SetFilePointer
SetHandleCount
SetLastError
SetStdHandle
Sleep
SuspendThread
TerminateProcess
TlsAlloc
TlsFree
TlsGetValue
UnhandledExceptionFilter
VirtualAlloc
VirtualQuery
WriteConsoleA
lstrcatA
lstrcmpA
lstrlenA

user32

BeginPaint
CharNextA
CreateDialogParamA
CreatePopupMenu
CreateWindowExA
DefWindowProcA
DestroyMenu
GetCapture
GetDC
GetDesktopWindow
GetDlgCtrlID
GetDlgItemTextA
GetFocus
GetForegroundWindow
GetMessageA
GetWindowTextA
InflateRect
InvalidateRect
IsIconic
LoadIconA
MessageBoxA
PostMessageA
PostQuitMessage
ScreenToClient
SendDlgItemMessageA
SetMenu
TranslateMessage
UnregisterClassA

version

GetFileVersionInfoA
GetFileVersionInfoSizeA
VerQueryValueA

Sections

.text
Size: 26KB - Virtual size: 28KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.INIT
Size: 137KB - Virtual size: 324KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.idata
Size: 3KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.edata
Size: 15KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

43f5700ce6889bd5ae6789c77127a1bd

Headers

File Characteristics

Imports

advapi32

kernel32

user32

version

Sections

.text Size: 26KB - Virtual size: 28KB

.INIT Size: 137KB - Virtual size: 324KB

.data Size: 512B - Virtual size: 4KB

.rdata Size: 512B - Virtual size: 4KB

.idata Size: 3KB - Virtual size: 4KB

.edata Size: 15KB - Virtual size: 16KB

.text
Size: 26KB - Virtual size: 28KB

.INIT
Size: 137KB - Virtual size: 324KB

.data
Size: 512B - Virtual size: 4KB

.rdata
Size: 512B - Virtual size: 4KB

.idata
Size: 3KB - Virtual size: 4KB

.edata
Size: 15KB - Virtual size: 16KB