4154c91513136a41315db637c2522a37_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

4154c91513136a41315db637c2522a37_JaffaCakes118
Size

492KB
MD5

4154c91513136a41315db637c2522a37
SHA1

53d800681f75bdfd0751037f636e04e07d4f1262
SHA256

497f4d6dbd3dd896f15c7cf4350ab85c49ce08514881d24d94bd8b21905b26c4
SHA512

7c28335170dfb090330298805fa9e4de96dfa787c2546cecccc0d431a72aa2359a00c2ef159ed1c4fdf0e10d91cd8af1485460ed2269e03bc32b4eb127f73922
SSDEEP

12288:wq4ChHRvHXy+rJm9mOOGIMzmwvOt6JNcsIp52ZUSh82VCIYuV7sa7Cz+Neqcr:LV1C+rJm7a+Vl76+cF

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
4154c91513136a41315db637c2522a37_JaffaCakes118

Files

4154c91513136a41315db637c2522a37_JaffaCakes118
.exe windows:4 windows x86 arch:x86

1ff2eb53401e672fe8217f5fc8eafe48

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

advapi32

RegCloseKey
GetLengthSid
ReportEventW
GetTokenInformation
SetThreadToken
OpenThreadToken
RegOpenKeyExW
OpenProcessToken
RegSetValueExW
EqualSid
DeregisterEventSource
IsValidSid
RegNotifyChangeKeyValue
FreeSid
RegCreateKeyExW
RegisterEventSourceW
CopySid
AllocateAndInitializeSid
DuplicateToken
RegDeleteKeyW
RegQueryValueExW

ntdll

RtlImageNtHeader
RtlAllocateHeap
RtlFreeHeap

esent

JetCommitTransaction

user32

GetWindowRect
EndDialog
GetDesktopWindow
CloseDesktop
OpenWindowStationW
EnumPropsA
MapWindowPoints
GetThreadDesktop
DialogBoxParamW
SetDlgItemTextW
LoadStringW
CloseWindowStation
OpenDesktopW
GetProcessWindowStation
DlgDirListComboBoxW
SetWindowPos
GetClientRect

secur32

AddCredentialsA

version

VerQueryValueW

kernel32

BackupSeek
VirtualAlloc
GetLastError

Sections

.text
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 28B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.rsrc
Size: 434KB - Virtual size: 434KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.idata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 29KB - Virtual size: 28KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 24KB - Virtual size: 2.1MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

1ff2eb53401e672fe8217f5fc8eafe48

Headers

DLL Characteristics

File Characteristics

Imports

advapi32

ntdll

esent

user32

secur32

version

kernel32

Sections

.text Size: 1KB - Virtual size: 1KB

.reloc Size: 512B - Virtual size: 28B

.rsrc Size: 434KB - Virtual size: 434KB

.idata Size: 1KB - Virtual size: 1KB

.rdata Size: 29KB - Virtual size: 28KB

.data Size: 24KB - Virtual size: 2.1MB

.text
Size: 1KB - Virtual size: 1KB

.reloc
Size: 512B - Virtual size: 28B

.rsrc
Size: 434KB - Virtual size: 434KB

.idata
Size: 1KB - Virtual size: 1KB

.rdata
Size: 29KB - Virtual size: 28KB

.data
Size: 24KB - Virtual size: 2.1MB