4a74372d1869062ba882a86f8b928dc6_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

4a74372d1869062ba882a86f8b928dc6_JaffaCakes118
Size

315KB
MD5

4a74372d1869062ba882a86f8b928dc6
SHA1

b714b5348a789337608ccc42db372e2058dd59d4
SHA256

77cf3e4d82e12e8915ef09d59a700b73de05d0958dc128e21c99c39acc236440
SHA512

975704939e38d69e3eef4516b7f84d51edfe45cbc4e898df89d9853b81d6078fd394b0fba696388a26e15d4af5c998ef6eb1117344267dbdee8156fa610e03fb
SSDEEP

6144:Maunq14l2wUpj1NoTc3aeZ4U3Mmkj0Vc/zRtPhLB8or4rZFWsPQ+:7APUpBzKo4URkgVi7r8ldF7Q

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
4a74372d1869062ba882a86f8b928dc6_JaffaCakes118

Files

4a74372d1869062ba882a86f8b928dc6_JaffaCakes118
.exe windows:5 windows x86 arch:x86

fd745a9f1081de7d2371090ea4a083de

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

ole32

CoCreateInstance
CoUninitialize
CoInitializeEx

advapi32

RegEnumKeyA
RegOpenKeyExA
StartServiceA
ChangeServiceConfigA
RegOpenKeyA
CloseServiceHandle
RegOpenKeyW
QueryServiceStatus
RegSetValueExA
OpenServiceA
RegQueryValueExA
RegCloseKey
RegQueryValueExW
OpenSCManagerA

kernel32

VirtualAlloc
WideCharToMultiByte
HeapFree
GetShortPathNameW
GetModuleHandleA
GetLocaleInfoA
CreateFileA
GetTempFileNameW
GetVersionExA
CloseHandle
WriteFile
HeapReAlloc
GetTickCount
GetTempPathW
MultiByteToWideChar
GetLastError
LCMapStringA
LoadLibraryA
VirtualProtect
VirtualQuery
LCMapStringW
Sleep
GetProcessHeap
lstrlenA
lstrcmpA
DeleteFileW
GlobalAlloc
lstrcmpiW
lstrcpyA
GetStringTypeW
FreeLibrary
GetSystemInfo
ExitProcess
lstrlenW
GetProcAddress
lstrcmpiA
CreateDirectoryW
VirtualFree
GlobalFree
HeapAlloc
GetStringTypeA
LoadLibraryW

ntdll

LdrGetDllHandle
RtlUshortByteSwap
NtAllocateVirtualMemory

user32

wsprintfA

tapi32

lineOpen
lineInitializeExW
lineShutdown
lineNegotiateAPIVersion
lineGetID
lineClose
lineGetDevCapsW

setupapi

SetupOpenMasterInf
SetupDiCallClassInstaller
SetupDiDestroyDeviceInfoList
SetupPromptForDiskA
SetupGetSourceFileLocationA
SetupDiEnumDeviceInfo
SetupDiGetClassDevsW
SetupDiOpenDevRegKey
SetupDiGetDeviceInstanceIdW
SetupCloseInfFile
SetupGetSourceInfoA
SetupDiCreateDeviceInfoList
SetupDiSetClassInstallParamsA

Sections

.text
Size: 15KB - Virtual size: 15KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 285KB - Virtual size: 284KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rdata
Size: 9KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 3KB - Virtual size: 1.4MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

fd745a9f1081de7d2371090ea4a083de

Headers

DLL Characteristics

File Characteristics

Imports

ole32

advapi32

kernel32

ntdll

user32

tapi32

setupapi

Sections

.text Size: 15KB - Virtual size: 15KB

.rsrc Size: 285KB - Virtual size: 284KB

.rdata Size: 9KB - Virtual size: 9KB

.data Size: 3KB - Virtual size: 1.4MB

.tls Size: 512B - Virtual size: 4KB

.text
Size: 15KB - Virtual size: 15KB

.rsrc
Size: 285KB - Virtual size: 284KB

.rdata
Size: 9KB - Virtual size: 9KB

.data
Size: 3KB - Virtual size: 1.4MB

.tls
Size: 512B - Virtual size: 4KB