evntcmd.pdb
Static task
static1
Behavioral task
behavioral1
Sample
42d557fcdd3f45208914524993aa4bcf_JaffaCakes118.exe
Resource
win7-20240705-en
Behavioral task
behavioral2
Sample
42d557fcdd3f45208914524993aa4bcf_JaffaCakes118.exe
Resource
win10v2004-20240709-en
General
Target
42d557fcdd3f45208914524993aa4bcf_JaffaCakes118
Size
50KB
MD5
42d557fcdd3f45208914524993aa4bcf
SHA1
a5a8abeed11c972ef1476f3ff6054b22f871066e
SHA256
81f9089445ff7a6d47f8547cbef99cc08231aa84c6bd7bfd676b2277699f9af7
SHA512
e3d12f42b76d5bb2f2542b063878ec57c76949ee6eeb95b0f22ca7c5bd07aa73cbdddacf90766769562fac695fdd798d2ee22cb5c7e1ba0857db66101e8362be
SSDEEP
768:yiT5cxpyYqCNsiKudQhK+EuQxMMTdgNf6VeY/BbzLOAoQFXmQMD5zNF:yi4pyY1NsiKudqOCCdafNYdzLHvmTZD
Malware Config
Signatures
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource 42d557fcdd3f45208914524993aa4bcf_JaffaCakes118
Files
42d557fcdd3f45208914524993aa4bcf_JaffaCakes118.exe windows:5 windows x86 arch:x86
287437ab5a2814338928f196ebda91dc
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
PDB Paths
Imports
mfc42
ord823
ord800
ord540
ord4160
ord825
ord1772
msvcrt
?terminate@@YAXXZ
_controlfp
_onexit
__dllonexit
_except_handler3
__set_app_type
__p__fmode
__p__commode
_adjust_fdiv
__setusermatherr
_initterm
__getmainargs
__initenv
exit
_cexit
_XcptFilter
_exit
_c_exit
sprintf
_stricmp
_open
memmove
_lseek
_read
_close
__CxxFrameHandler
_purecall
atoi
strchr
setlocale
printf
_iob
fflush
??1type_info@@UAE@XZ
advapi32
RegSetValueExA
RegEnumValueA
RegCloseKey
RegConnectRegistryA
RegCreateKeyExA
RegOpenKeyExA
RegEnumKeyExA
RegDeleteKeyA
CloseServiceHandle
OpenServiceA
OpenSCManagerA
QueryServiceStatus
StartServiceA
ControlService
RegDeleteValueA
kernel32
GetSystemTimeAsFileTime
GetCurrentThreadId
GetTickCount
QueryPerformanceCounter
Sleep
GetLastError
FormatMessageA
LocalFree
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetModuleHandleA
SetThreadUILanguage
GetCurrentProcessId
user32
CharToOemA
Sections
.text Size: 12KB - Virtual size: 11KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.data Size: 512B - Virtual size: 500B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 36KB - Virtual size: 38KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
wvpbdst Size: - Virtual size: 4KB
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE