619b6486f1a4e6451206847951bf9efc_JaffaCakes118

General

Target

619b6486f1a4e6451206847951bf9efc_JaffaCakes118
Size

468KB
MD5

619b6486f1a4e6451206847951bf9efc
SHA1

d37c7529d3565482d5d9e67c1fed6455f2de0669
SHA256

5c4d0962a9e5ffc28a0bf8d3951e9017d3a639f80d2c2a2912fb0d8190fe81b2
SHA512

ed003ef65b45174c1b2729ef6c6123a842d5a62ff057614a0280e7bc39ed4e8bd952fd2032b0a2e04bfa879a2307df52f15f0841b07b298eecf39abfb38f949b
SSDEEP

6144:xKU6TGEOMB9Q7z76B1151BDloXLGkf3aLiqQ2qJzoUa+7+q0EmU/tcmeyo2x3Sf5:xKJgzetovGi5ZkUR77mS2eniMKkBLm

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
619b6486f1a4e6451206847951bf9efc_JaffaCakes118

Files

619b6486f1a4e6451206847951bf9efc_JaffaCakes118
.exe windows:4 windows x86 arch:x86

1e0683a6e2293f7d9dd866833a914527

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

WinExec
GetModuleHandleA
TerminateProcess
GetVersion
DeviceIoControl
GetSystemDirectoryA
WriteFile
GetCurrentProcess
DeleteFileA
CreateFileA
LoadLibraryA
CloseHandle
GetVersionExA
GetModuleFileNameA
LoadLibraryExA
FreeLibrary
GetProcAddress
GlobalAlloc
GetTempPathA
GetSystemDefaultLangID
GlobalFree
HeapFree
LCMapStringA
IsBadWritePtr
LCMapStringW
SetUnhandledExceptionFilter
HeapReAlloc
VirtualAlloc
IsBadCodePtr
IsBadReadPtr
GetStringTypeA
RtlUnwind
GetStartupInfoA
GetCommandLineA
ExitProcess
GetCPInfo
GetACP
GetOEMCP
WideCharToMultiByte
MultiByteToWideChar
GetStringTypeW
VirtualFree
GetEnvironmentStringsW
HeapAlloc
UnhandledExceptionFilter
FreeEnvironmentStringsA
FreeEnvironmentStringsW
GetEnvironmentStrings
SetHandleCount
GetStdHandle
GetFileType
HeapDestroy
HeapCreate

user32

MessageBoxA
ExitWindowsEx

advapi32

OpenSCManagerA
RegDeleteKeyA
CreateServiceA
CloseServiceHandle
RegCloseKey
StartServiceA
ControlService
OpenServiceA
OpenProcessToken
LookupPrivilegeValueA
DeleteService
RegSetValueExA
AdjustTokenPrivileges
RegCreateKeyExA
RegOpenKeyExA

shlwapi

SHDeleteKeyA

Sections

.text
Size: 20KB - Virtual size: 18KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 436KB - Virtual size: 434KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 928B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

1e0683a6e2293f7d9dd866833a914527

Headers

File Characteristics

Imports

kernel32

user32

advapi32

shlwapi

Sections

.text Size: 20KB - Virtual size: 18KB

.rdata Size: 4KB - Virtual size: 3KB

.data Size: 436KB - Virtual size: 434KB

.rsrc Size: 4KB - Virtual size: 928B

.text
Size: 20KB - Virtual size: 18KB

.rdata
Size: 4KB - Virtual size: 3KB

.data
Size: 436KB - Virtual size: 434KB

.rsrc
Size: 4KB - Virtual size: 928B