Static task: static1
Behavioral task: behavioral1
Sample: 42e65620e856e757ed64bc084d9b49ff_JaffaCakes118.exe
Resource: win7-20240708-en
Behavioral task: behavioral2
Sample: 42e65620e856e757ed64bc084d9b49ff_JaffaCakes118.exe
Resource: win10v2004-20240709-en
General
Target: 42e65620e856e757ed64bc084d9b49ff_JaffaCakes118
Size: 161KB
MD5: 42e65620e856e757ed64bc084d9b49ff
SHA1: 05133ab9cfd1350293ff455dc3b127441d01f8f3
SHA256: a436bb6ede2bba1051baebaf3d0e37b5eee0e97bdccdf817f749a7668643d185
SHA512: 7cf3b3df98e26b08e4017eb57436cf1d57cab118d12b80575a4bd3284088be981a5e2d3cc5544fa99c4de53be3a9af8e4edf186710d7df604b86286a56d7d14e
SSDEEP: 3072:GQvKA/NqhyCXC217qxhPXXTDPWffgwLtVXk9XhFiAExEHIDeNN:GQvKAFUbCa8hPXXTDP05zGhTEC
Malware Config
Signatures
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource 42e65620e856e757ed64bc084d9b49ff_JaffaCakes118
Files
42e65620e856e757ed64bc084d9b49ff_JaffaCakes118.exe windows:4 windows x86 arch:x86
40f37bad71fe905f954b17269656bee8
Headers
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
kernel32
GetACP
InitializeCriticalSection
GetConsoleOutputCP
SetUnhandledExceptionFilter
HeapFree
HeapSize
QueryPerformanceCounter
TerminateProcess
VirtualAlloc
GetDateFormatA
IsDebuggerPresent
MultiByteToWideChar
WriteConsoleA
GetStringTypeW
WriteFile
GetTickCount
LCMapStringW
SetEndOfFile
HeapDestroy
LoadLibraryA
EnterCriticalSection
ReadFile
GetOEMCP
VirtualFree
GetSystemTimeAsFileTime
CompareStringW
GetTimeFormatA
SetFilePointer
EnumResourceTypesA
GetCurrentProcessId
FreeLibrary
GetLocaleInfoA
CompareFileTime
GetTimeZoneInformation
HeapCreate
SetStdHandle
LeaveCriticalSection
IsValidCodePage
LCMapStringA
RaiseException
GetCurrentProcess
UnhandledExceptionFilter
CompareStringA
HeapReAlloc
RtlUnwind
GetCPInfo
SetEnvironmentVariableA
GetStringTypeA
oleacc
LresultFromObject
AccessibleObjectFromPoint
advapi32
RegGetKeySecurity
EqualSid
StartServiceA
FreeInheritedFromArray
RegEnumKeyExW
InitializeSecurityDescriptor
GetTokenInformation
ChangeServiceConfig2W
EnumDependentServicesW
RegCreateKeyExW
RegDeleteKeyW
SetSecurityInfo
GetAce
DeleteService
AddAce
SetSecurityDescriptorDacl
AdjustTokenPrivileges
LookupPrivilegeValueA
SetNamedSecurityInfoW
RegOpenKeyExW
OpenServiceW
RegSaveKeyW
LockServiceDatabase
RegSetValueExW
SetEntriesInAclA
QueryServiceConfigW
QueryServiceLockStatusW
RegQueryValueExW
OpenSCManagerW
ChangeServiceConfigW
FreeSid
InitializeAcl
GetNamedSecurityInfoW
SetEntriesInAclW
LookupPrivilegeNameA
CloseServiceHandle
CreateServiceW
AllocateAndInitializeSid
GetSecurityInfo
IsValidSecurityDescriptor
GetSecurityDescriptorControl
RegRestoreKeyW
OpenProcessToken
LookupPrivilegeDisplayNameA
UnlockServiceDatabase
QueryServiceStatus
RegCloseKey
IsValidAcl
GetInheritanceSourceW
GetAclInformation
LookupAccountSidW
ControlService
RegDeleteValueW
RegEnumValueW
iphlpapi
GetIpAddrTable
Sections
.text Size: 40KB - Virtual size: 39KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 3KB - Virtual size: 410KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 117KB - Virtual size: 116KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 512B - Virtual size: 4KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ