601f4797671103849bf93b05e477a896_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

601f4797671103849bf93b05e477a896_JaffaCakes118
Size

59KB
MD5

601f4797671103849bf93b05e477a896
SHA1

0e99761ee5a601ef0d8d0c8772bd15507588712b
SHA256

355c0b6570ec83370a5c6c652a70eeb0783bf3e5d6262ea667a5708436adc37c
SHA512

b7a99f6301c6e100c27e8846bb3c38920bfbadeadec71f29ba9a8b6357734a42c8f72f0b1895c5d237f2c16ebcb1b9bfc20e47fea082eedaecc22300162a4342
SSDEEP

1536:n0uzveQoNqBOF05c0qHsOeeoMTlm3YNv0BDa:nRzvePNqBc0K0qFpVn4Da

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
601f4797671103849bf93b05e477a896_JaffaCakes118

Files

601f4797671103849bf93b05e477a896_JaffaCakes118
.exe windows:4 windows x86 arch:x86

b1fb39cb5e33208a11eeb911d10dd497

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

advapi32

AccessCheck
IsTextUnicode
GetNumberOfEventLogRecords
OpenEventLogA
CryptContextAddRef
EnumDependentServicesA
SetEntriesInAuditListA
GetSecurityDescriptorControl
GetSecurityDescriptorOwner
GetServiceDisplayNameA
CryptEncrypt
CryptSignHashA
GetMultipleTrusteeA
RegDeleteValueA
RegFlushKey
FindFirstFreeAce
CryptGetKeyParam
CryptSetKeyParam
BackupEventLogA
DeregisterEventSource
AddAce
RegConnectRegistryA
GetSidSubAuthority
GetTrusteeTypeA
InitializeAcl
SetServiceStatus
QueryServiceObjectSecurity
RegOpenKeyA
CopySid
RevertToSelf
RegUnLoadKeyA
ControlService
CryptGenKey
GetExplicitEntriesFromAclA
AllocateAndInitializeSid
CryptHashSessionKey
GetAclInformation
ChangeServiceConfigA
RegSaveKeyA
CryptDestroyHash

user32

CreateDialogParamA
DdeEnableCallback
CreateWindowExA
LoadMenuIndirectA
MsgWaitForMultipleObjects
DispatchMessageA
SetWindowContextHelpId
EnumPropsExA
GetDC
VkKeyScanA
CharToOemBuffA
CreateAcceleratorTableA
UpdateWindow
CreateIconIndirect
GetMessagePos
GetAsyncKeyState
GetTopWindow
DrawMenuBar
ChangeMenuA
GetDlgCtrlID
InSendMessage
wvsprintfA
PostQuitMessage
FreeDDElParam
DrawCaption
IsCharLowerA
EnableScrollBar
GetProcessDefaultLayout
CloseDesktop
GetClipboardFormatNameA
DrawFrame
InsertMenuItemA
DdeUnaccessData
SendIMEMessageExA
GetIconInfo
GetKBCodePage
ShowWindowAsync
BringWindowToTop
SetMenuDefaultItem
SwitchToThisWindow
CascadeWindows
DdeCreateDataHandle
GetKeyboardLayoutList
SendMessageTimeoutA
RedrawWindow
DlgDirSelectExA
SetDoubleClickTime
RemovePropA
LoadIconA
RegisterWindowMessageA

kernel32

SearchPathA

Sections

.abqhk
Size: 22KB - Virtual size: 45KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.gls
Size: 5KB - Virtual size: 10KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.nmbk
Size: 1024B - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.evef
Size: 27KB - Virtual size: 132KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 2KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

b1fb39cb5e33208a11eeb911d10dd497

Headers

File Characteristics

Imports

advapi32

user32

kernel32

Sections

.abqhk Size: 22KB - Virtual size: 45KB

.gls Size: 5KB - Virtual size: 10KB

.nmbk Size: 1024B - Virtual size: 1KB

.evef Size: 27KB - Virtual size: 132KB

.rsrc Size: 2KB - Virtual size: 4KB

.abqhk
Size: 22KB - Virtual size: 45KB

.gls
Size: 5KB - Virtual size: 10KB

.nmbk
Size: 1024B - Virtual size: 1KB

.evef
Size: 27KB - Virtual size: 132KB

.rsrc
Size: 2KB - Virtual size: 4KB