44977c9cd468e7455cc89db8164f50b2_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

44977c9cd468e7455cc89db8164f50b2_JaffaCakes118
Size

220KB
MD5

44977c9cd468e7455cc89db8164f50b2
SHA1

ec3a6b57b8b5c7f651b7d47e93b9d6f3ed9b6fb2
SHA256

f0cba70d2e87b1a0854221337c7efc8d2e1f8e587ab44b433b7799f69436192b
SHA512

b0608079c1a58eb2a41ad0ba8b9400a2c1e382ee5f379b3475974ceb4297eaaedfb239b273a8c4fb8756917d97617d37f867aac21261bdc1ee93176fe331ffdf
SSDEEP

3072:FAvmx9zZf++mxuMHlGLrZUtin0jf97Cgd6QHC0GRRoTQQoB9G+Y4lJQ93a:dzZfnojgt0jfFNvXEoTQ/lJQha

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
44977c9cd468e7455cc89db8164f50b2_JaffaCakes118

Files

44977c9cd468e7455cc89db8164f50b2_JaffaCakes118
.exe windows:4 windows x86 arch:x86

1c6d5273448b14cbfe2d7f93ac6479c6

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

msvcrt

_stricmp
_strlwr
memset
_controlfp
_except_handler3
__set_app_type
__p__fmode
__p__commode
_adjust_fdiv
__setusermatherr
_initterm
__getmainargs
_acmdln
exit
_XcptFilter
_exit
strchr
strrchr
??3@YAXPAX@Z
_endthreadex
strncpy
srand
_beginthreadex
strstr
sprintf
atol
??2@YAPAXI@Z
rand
memcpy

user32

ExitWindowsEx
GetActiveWindow

advapi32

RegDeleteKeyA
RegDeleteValueA
RegCreateKeyExA
AdjustTokenPrivileges
RegFlushKey
LookupPrivilegeValueA
OpenProcessToken
OpenSCManagerA
CloseServiceHandle
CreateServiceA
ControlService
OpenServiceA
RegQueryValueExA
StartServiceA
DeleteService
RegCloseKey
RegSetValueExA

wininet

InternetCrackUrlA
InternetCreateUrlA

shell32

ShellExecuteA

ole32

StringFromGUID2
CoInitializeEx
CoCreateGuid
CoCreateInstance

oleaut32

VariantClear
SafeArrayCreateVector
SafeArrayAccessData
VariantInit
SysFreeString
SafeArrayUnaccessData
SysAllocString

kernel32

FindFirstFileA
Process32Next
SetCurrentDirectoryA
lstrcpyA
OpenMutexA
MoveFileExA
DeleteFileA
CreateMutexA
SetEvent
GetModuleHandleA
GetLocalTime
lstrlenA
GetStartupInfoA
OpenProcess
CreateFileA
WritePrivateProfileStringA
GetLastError
LoadResource
GlobalAlloc
CreateProcessA
SetLastError
GetFileSize
IsBadWritePtr
GetProcAddress
CreateToolhelp32Snapshot
GetFileTime
TerminateProcess
WideCharToMultiByte
GetTickCount
LoadLibraryA
GetEnvironmentVariableA
SizeofResource
Process32First
CloseHandle
DeviceIoControl
GetWindowsDirectoryA
Sleep
SetFileTime
GetVersionExA
CopyFileA
GetSystemDirectoryA
GetCurrentProcess
ReadFile
GetCurrentThreadId
FindResourceA
FindNextFileA
GetCurrentProcessId
GetModuleFileNameA
SetFilePointer
CreateEventA
MultiByteToWideChar
ExitProcess
WaitForSingleObject
WriteFile
GlobalFree
GetTempFileNameA
GetTempPathA
FindClose
GetVolumeInformationA

Sections

.text
Size: 30KB - Virtual size: 30KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 132KB - Virtual size: 152KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 49KB - Virtual size: 49KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

1c6d5273448b14cbfe2d7f93ac6479c6

Headers

File Characteristics

Imports

msvcrt

user32

advapi32

wininet

shell32

ole32

oleaut32

kernel32

Sections

.text Size: 30KB - Virtual size: 30KB

.rdata Size: 6KB - Virtual size: 6KB

.data Size: 132KB - Virtual size: 152KB

.rsrc Size: 49KB - Virtual size: 49KB

.text
Size: 30KB - Virtual size: 30KB

.rdata
Size: 6KB - Virtual size: 6KB

.data
Size: 132KB - Virtual size: 152KB

.rsrc
Size: 49KB - Virtual size: 49KB