4b04f1ed3a7c4aaa7ba15b6bfc6613ee_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

4b04f1ed3a7c4aaa7ba15b6bfc6613ee_JaffaCakes118
Size

73KB
MD5

4b04f1ed3a7c4aaa7ba15b6bfc6613ee
SHA1

dcd22998e3f32966e88f7b0cf42a430109e9ecae
SHA256

63cea5414c26a3c49a197e1a7c2680eb4e52d199c4b71ca3527497a272101d62
SHA512

0010031096317773c5a9edd404f085485e4246d28b42954585bcba84318092ab405cbe9ad9c00f0dea93012c171c20b83c19a30dc85ad2cf8d8b0e30be79376e
SSDEEP

1536:6YP/qFZ3wbCSKMzbEzpHjjI3KcNWbpbCSKC41:fPiFWbCSKMzIlHjjI6cNWlbCSKCY

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
4b04f1ed3a7c4aaa7ba15b6bfc6613ee_JaffaCakes118

Files

4b04f1ed3a7c4aaa7ba15b6bfc6613ee_JaffaCakes118
.exe windows:4 windows x86 arch:x86

f3b8f4f0a1d6a5d1ee7dbeccee8c0ed2

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

ole32

OleUninitialize
OleInitialize

kernel32

ReadFile
HeapDestroy
CloseHandle
CompareStringA
OpenSemaphoreA
ReleaseMutex
FreeEnvironmentStringsA
CreateMutexA
SetProcessWorkingSetSize
GetFullPathNameW
MoveFileW
ResumeThread
GetTimeFormatA
WriteFile
UnhandledExceptionFilter
SetLastError
DeviceIoControl
DeleteCriticalSection
SetThreadAffinityMask
HeapAlloc
WritePrivateProfileStructW
WriteProcessMemory
SetFilePointer
CreateFileA
EnumSystemLocalesA
EnterCriticalSection
FlushFileBuffers
VirtualProtectEx
GetCommandLineA
InitializeCriticalSectionAndSpinCount
QueryDosDeviceW
SetStdHandle
TlsAlloc
OpenProcess
GetStdHandle
TlsGetValue
WideCharToMultiByte
CreateFileW
GetPrivateProfileStructW
HeapSize
SetUnhandledExceptionFilter
WritePrivateProfileStringW
GetTimeZoneInformation
GetSystemDefaultLangID
LCMapStringW
GetOEMCP
RemoveDirectoryW
HeapReAlloc
CreateFileMappingA
GetACP
GetUserDefaultLCID
GetCurrentThreadId
GetFileType
IsDebuggerPresent
TlsSetValue
CompareStringW
WriteConsoleW
CreateRemoteThread
GetSystemInfo
TerminateThread
SetEnvironmentVariableA
GetDriveTypeW
CreateProcessW
GetConsoleOutputCP
ReadProcessMemory
CopyFileW
GetModuleHandleW
RtlUnwind
GetTempPathW
VirtualFree
GetDateFormatA
FatalAppExitA
ReleaseSemaphore
GetLogicalDrives
FreeLibrary
GetSystemTimeAsFileTime
UnmapViewOfFile
SetHandleCount
FreeEnvironmentStringsW
GetWindowsDirectoryW
FindFirstFileW
WaitForSingleObject
SuspendThread
FindNextFileW
SetConsoleCtrlHandler
OpenFileMappingA
LCMapStringA
TlsFree
MapViewOfFileEx
GetModuleHandleA
GetConsoleMode
LeaveCriticalSection
IsValidCodePage
HeapFree
ExpandEnvironmentStringsW
VirtualQueryEx
WriteConsoleA
GetThreadContext
FindClose
VirtualAlloc
GetSystemDirectoryW
GetShortPathNameW
GetConsoleCP
OpenMutexA
GetPrivateProfileStringW
IsValidLocale
CreateSemaphoreA
RaiseException
VirtualAllocEx

advapi32

InitializeAcl
RegCreateKeyExW
RegCloseKey
RegQueryInfoKeyW
SetSecurityDescriptorOwner
StartServiceW
RegLoadKeyW
OpenSCManagerW
AddAccessAllowedAce
RegDeleteValueW
AdjustTokenPrivileges
GetLengthSid
DeleteService
QueryServiceStatus
RegEnumKeyExW
RegSetValueExW
EnumServicesStatusW
ControlService
RegUnLoadKeyW
FreeSid
CreateServiceW
AllocateAndInitializeSid
RegOpenKeyExW
OpenServiceW
InitializeSecurityDescriptor
CloseServiceHandle
OpenProcessToken
RegQueryValueExW
RegDeleteKeyW
LookupPrivilegeValueW
RegSetKeySecurity
QueryServiceConfigW
SetSecurityDescriptorDacl
RegEnumValueW

user32

EnumChildWindows
PostMessageW
EnumWindows
SendMessageTimeoutW
GetWindowThreadProcessId
GetClassNameW
IsWindowVisible
GetWindowTextW

hlink

HlinkCreateBrowseContext
HlinkQueryCreateFromData
DllGetClassObject
HlinkOnNavigate
HlinkClone
DllCanUnloadNow

msrle32

DriverProc

Sections

.text
Size: 23KB - Virtual size: 23KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.kFxK
Size: 512B - Virtual size: 248B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.sdEoJmd
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 24KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rJRWl
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 193KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 17KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.wDRprGv
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.AIsArGv
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.syKvnKw
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.kLOvqFV
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

f3b8f4f0a1d6a5d1ee7dbeccee8c0ed2

Headers

DLL Characteristics

File Characteristics

Imports

ole32

kernel32

advapi32

user32

hlink

msrle32

Sections

.text Size: 23KB - Virtual size: 23KB

.kFxK Size: 512B - Virtual size: 248B

.sdEoJmd Size: 5KB - Virtual size: 4KB

.rdata Size: 4KB - Virtual size: 24KB

.rJRWl Size: 4KB - Virtual size: 3KB

.data Size: 8KB - Virtual size: 193KB

.rsrc Size: 17KB - Virtual size: 17KB

.wDRprGv Size: 3KB - Virtual size: 2KB

.AIsArGv Size: 3KB - Virtual size: 3KB

.syKvnKw Size: 2KB - Virtual size: 1KB

.kLOvqFV Size: 3KB - Virtual size: 2KB

.text
Size: 23KB - Virtual size: 23KB

.kFxK
Size: 512B - Virtual size: 248B

.sdEoJmd
Size: 5KB - Virtual size: 4KB

.rdata
Size: 4KB - Virtual size: 24KB

.rJRWl
Size: 4KB - Virtual size: 3KB

.data
Size: 8KB - Virtual size: 193KB

.rsrc
Size: 17KB - Virtual size: 17KB

.wDRprGv
Size: 3KB - Virtual size: 2KB

.AIsArGv
Size: 3KB - Virtual size: 3KB

.syKvnKw
Size: 2KB - Virtual size: 1KB

.kLOvqFV
Size: 3KB - Virtual size: 2KB