38107738beec3c6b221334ba66c330d6_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

38107738beec3c6b221334ba66c330d6_JaffaCakes118
Size

375KB
MD5

38107738beec3c6b221334ba66c330d6
SHA1

012ce4f2fe1411dd7a59a5409d0d6749349cb668
SHA256

33bcebaeeb69d922e3543ad62d417336f9ed33353f72f59023fef0bf1fa18e4a
SHA512

e76b7c42bfd176070cd11d8ae64abe203afd3e212ad30ff6676bdf75f23880b2fe68f5a84458c180beac2e80537bc86fdda4d1cfca95389c715867b004f2ccda
SSDEEP

6144:O8DtXZWCferuwBS8cUcwqXoyoiw7usRRYdvFAOMeDc5oeP/RHWVME2:rZ7feruwBS8cUpqY5l0p2eDfXVMF

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
38107738beec3c6b221334ba66c330d6_JaffaCakes118

Files

38107738beec3c6b221334ba66c330d6_JaffaCakes118
.exe windows:4 windows x86 arch:x86

23a1385aba4ee5d471c977938d3c5a66

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

advapi32

CreateServiceA
GetUserNameA
LockServiceDatabase
OpenProcessToken
OpenSCManagerA
RegCloseKey
RegEnumValueA
RegOpenKeyA
UnlockServiceDatabase

kernel32

AddAtomA
CloseHandle
CopyFileA
CreateEventA
CreateFileA
CreateFileMappingA
CreateProcessA
CreateToolhelp32Snapshot
DeleteAtom
DeleteCriticalSection
DeviceIoControl
DisableThreadLibraryCalls
DuplicateHandle
ExitProcess
FindFirstFileA
FindNextFileA
FindResourceA
FlushFileBuffers
FreeEnvironmentStringsA
GetCPInfo
GetComputerNameA
GetCurrentDirectoryA
GetCurrentProcess
GetCurrentProcessId
GetCurrentThreadId
GetEnvironmentVariableA
GetFileAttributesA
GetFullPathNameA
GetLastError
GetModuleHandleA
GetOEMCP
GetPrivateProfileStringA
GetProcAddress
GetProcessHeap
GetStartupInfoA
GetStdHandle
GetSystemDirectoryA
GetSystemTimeAsFileTime
GetTempPathA
GetThreadLocale
GetThreadTimes
GetTickCount
GetTimeFormatA
GetTimeZoneInformation
GetVersionExA
GetWindowsDirectoryA
GlobalFree
GlobalReAlloc
HeapAlloc
HeapCreate
HeapFree
InterlockedDecrement
InterlockedExchange
InterlockedIncrement
IsBadCodePtr
IsDebuggerPresent
IsValidLocale
LeaveCriticalSection
LoadLibraryA
LoadLibraryExA
LocalAlloc
LockResource
MultiByteToWideChar
OutputDebugStringA
QueryPerformanceCounter
RaiseException
ResetEvent
ResumeThread
SearchPathA
SetEnvironmentVariableA
SetErrorMode
SetHandleCount
Sleep
TlsFree
UnmapViewOfFile
VirtualAlloc
VirtualFree
VirtualProtect
WaitForSingleObject
WideCharToMultiByte
WriteFile
WritePrivateProfileStringA
lstrcmpiA
lstrcpynA
lstrlenA

ole32

CoCreateFreeThreadedMarshaler
CoGetInterfaceAndReleaseStream
OleLoadFromStream
OleRegGetUserType
StringFromCLSID

user32

CallWindowProcA
CopyRect
DestroyWindow
DispatchMessageA
EndDialog
EqualRect
GetAsyncKeyState
GetCursorPos
GetDC
GetDlgItemTextA
GetParent
GetProcessWindowStation
GetSysColor
InflateRect
IsIconic
LoadCursorA
LoadStringA
MessageBoxA
MsgWaitForMultipleObjects
RegisterWindowMessageA
SetMenu
SetTimer
SetWindowLongA
SetWindowTextA
wsprintfA

version

GetFileVersionInfoA
GetFileVersionInfoSizeA
VerQueryValueA

Sections

.text
Size: - Virtual size: 352KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 369KB - Virtual size: 372KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 3KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1024B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

23a1385aba4ee5d471c977938d3c5a66

Headers

File Characteristics

Imports

advapi32

kernel32

ole32

user32

version

Sections

.text Size: - Virtual size: 352KB

.data Size: 369KB - Virtual size: 372KB

.idata Size: 3KB - Virtual size: 4KB

.rsrc Size: 1024B - Virtual size: 4KB

.text
Size: - Virtual size: 352KB

.data
Size: 369KB - Virtual size: 372KB

.idata
Size: 3KB - Virtual size: 4KB

.rsrc
Size: 1024B - Virtual size: 4KB