Static task: static1
Behavioral task: behavioral1
Sample: 3d124d303127d20edcafb8d3717e3846_JaffaCakes118.exe
Resource: win7-20240705-en
Behavioral task: behavioral2
Sample: 3d124d303127d20edcafb8d3717e3846_JaffaCakes118.exe
Resource: win10v2004-20240709-en
General
Target: 3d124d303127d20edcafb8d3717e3846_JaffaCakes118
Size: 6.3MB
MD5: 3d124d303127d20edcafb8d3717e3846
SHA1: 88b3d5638ca0e8412db2c0520ca669b98e53e608
SHA256: 250152e949c18b1a012818f2f8a4d1810f800aba27571363a250e7bc9bfb085f
SHA512: cda07480b5876a5d08fd7d97e58c3d19776ef30c3c79e0a62a74e5612eaf70f5bd94c8e136d3c0b28e08906fab4ba3888781fa373832156bb39e5d0369fcd511
SSDEEP: 6144:P8LOQyV7edm6zj3xfPQEyyIhulHRrRXw3GgqFtOf7:P8IV7cnzlfxhHRrRXH/Fq7
Malware Config
Signatures
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource 3d124d303127d20edcafb8d3717e3846_JaffaCakes118
Files
3d124d303127d20edcafb8d3717e3846_JaffaCakes118.exe windows:4 windows x86 arch:x86
ea31db51908cb2209db9efb7e68ee80a
Headers
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
Imports
kernel32
GetModuleFileNameA
GetVersionExA
MoveFileA
MultiByteToWideChar
lstrcatA
CopyFileA
WritePrivateProfileStringA
GetWindowsDirectoryA
GetEnvironmentVariableA
CompareStringW
CompareStringA
FlushFileBuffers
GetStringTypeW
GetStringTypeA
LCMapStringW
GetShortPathNameA
CreateProcessA
SetPriorityClass
SetFileAttributesA
ResumeThread
FindFirstFileA
FindNextFileA
FindClose
Sleep
GetLastError
lstrcpyA
GetTempPathA
GetTickCount
HeapFree
GetCurrentProcess
FindResourceA
LoadResource
SystemTimeToFileTime
LocalFileTimeToFileTime
GlobalFree
FreeResource
ExitProcess
WriteFile
lstrlenA
CloseHandle
LoadLibraryA
GetProcAddress
GetCurrentThreadId
HeapReAlloc
HeapAlloc
RtlUnwind
GetTimeZoneInformation
GetSystemTime
GetLocalTime
GetModuleHandleA
GetStartupInfoA
GetCommandLineA
GetVersion
VirtualFree
VirtualAlloc
IsBadWritePtr
HeapDestroy
HeapCreate
TerminateProcess
UnhandledExceptionFilter
FreeEnvironmentStringsA
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStrings
GetEnvironmentStringsW
SetHandleCount
GetStdHandle
GetFileType
SetUnhandledExceptionFilter
IsBadReadPtr
IsBadCodePtr
SetFilePointer
GetCPInfo
GetACP
GetOEMCP
SetStdHandle
LCMapStringA
SetEnvironmentVariableA
user32
PostThreadMessageA
GetMessageA
IsCharAlphaNumericA
wsprintfA
GetInputState
advapi32
RegDeleteValueA
RegCreateKeyA
ControlService
StartServiceA
OpenServiceA
ChangeServiceConfigA
OpenSCManagerA
CloseServiceHandle
OpenProcessToken
LookupPrivilegeValueA
AdjustTokenPrivileges
RegCreateKeyExA
RegSetValueExA
RegDeleteKeyA
RegOpenKeyExA
AllocateAndInitializeSid
GetLengthSid
InitializeAcl
AddAccessAllowedAce
InitializeSecurityDescriptor
SetSecurityDescriptorDacl
RegSetKeySecurity
RegCloseKey
FreeSid
Sections
.text Size: 60KB - Virtual size: 57KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 8KB - Virtual size: 5KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 56KB - Virtual size: 62KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 196KB - Virtual size: 193KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ