5de6d91d29bdaeeaf8990be080bf00a2_JaffaCakes118

General

Target

5de6d91d29bdaeeaf8990be080bf00a2_JaffaCakes118
Size

97KB
MD5

5de6d91d29bdaeeaf8990be080bf00a2
SHA1

a3b80e4c0a1b95a7838d502fdb497b573a414690
SHA256

46d4692746cc83954ae7458c46938f856789a1a2a6bdb0805064e97dccca11f6
SHA512

8470776901d9f4f746eb739dd0056d5e18e4ca768e4c67abc5914333ca9c751ff6014d88dd5c50c251221dd616fefaad77ded0762863fbffa20729fba344676d
SSDEEP

1536:tWvAtGpFl+TNfRRuZyjkn/ANlRwFbWgHYdkfspcdyVowu3uPccLmRXk:tW4ts+TTBgn/IlRwFb/4dkf/wRLm9k

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
5de6d91d29bdaeeaf8990be080bf00a2_JaffaCakes118

Files

5de6d91d29bdaeeaf8990be080bf00a2_JaffaCakes118
.exe windows:4 windows x86 arch:x86

72c9f4bbd8e3c6c2316f1e8329f29b30

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetStartupInfoA
FreeLibrary
LocalAlloc
InterlockedExchange
RaiseException
GetCommandLineA
SetUnhandledExceptionFilter
ExpandEnvironmentStringsA
GetShortPathNameA
GetTickCount
CreateEventA
WaitForSingleObject
GetModuleFileNameA
SleepEx
CreateFileA
GetCurrentThreadId
WriteFile
GetFileTime
SetFileTime
MoveFileA
GetTempPathA
GetCurrentDirectoryA
LoadLibraryA
ExitProcess
GetModuleHandleA
GetProcAddress
Sleep
GetCurrentThread
GetCurrentProcessId
lstrlenA
GetSystemDirectoryA
SetFileAttributesA
DeleteFileA
GetFileAttributesA
CreateDirectoryA
GetLastError
GetCurrentProcess
CloseHandle

msvcrt

_controlfp
__set_app_type
__p__fmode
__p__commode
_adjust_fdiv
__setusermatherr
__getmainargs
_acmdln
exit
_XcptFilter
_exit
??1type_info@@UAE@XZ
strncpy
strcmp
srand
??2@YAPAXI@Z
memmove
memset
strcpy
strcat
_except_handler3
_strlwr
_stricmp
_ftol
rand
__CxxFrameHandler
memcpy
strlen
_initterm
_strrev
_strupr

advapi32

RegOpenKeyExA
RegCloseKey
CloseServiceHandle
OpenProcessToken
LookupPrivilegeValueA
AdjustTokenPrivileges
RegQueryValueExA
RegDeleteValueA
RegDeleteKeyA
RegSetValueExA
RegCreateKeyExA
StartServiceA
ChangeServiceConfigA
OpenServiceA
OpenSCManagerA
ChangeServiceConfig2A
DeleteService
RegRestoreKeyA
RegSaveKeyA
CreateServiceA
ControlService
GetServiceDisplayNameA
GetServiceKeyNameA

ws2_32

listen

Sections

.text
Size: 12KB - Virtual size: 9KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 164KB - Virtual size: 164KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 28KB - Virtual size: 26KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

72c9f4bbd8e3c6c2316f1e8329f29b30

Headers

File Characteristics

Imports

kernel32

msvcrt

advapi32

ws2_32

Sections

.text Size: 12KB - Virtual size: 9KB

.rdata Size: 4KB - Virtual size: 3KB

.data Size: 164KB - Virtual size: 164KB

.rsrc Size: 28KB - Virtual size: 26KB

.text
Size: 12KB - Virtual size: 9KB

.rdata
Size: 4KB - Virtual size: 3KB

.data
Size: 164KB - Virtual size: 164KB

.rsrc
Size: 28KB - Virtual size: 26KB