6194ce0a96d3fad89ee44e2775501891_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

6194ce0a96d3fad89ee44e2775501891_JaffaCakes118
Size

132KB
MD5

6194ce0a96d3fad89ee44e2775501891
SHA1

74f80fa33fb2699f478d95c7933c599a32532173
SHA256

3ba88fb277782afcc10c4c18ee24c87195abaf6f5cba1f8d84fef926cc63a50a
SHA512

d26181ca473f6cfffe043b3afd8f253f545eeadd0a0a6735e96227b53710b4cec94ca8b8ab61d881b3f0f9c6729389f1215a3b708915463ee711bb7639ab1f9e
SSDEEP

1536:WP8bTahU1fflDVJdYK6mvb37GAGwUQ6/3ywrkKw5gwCJminV2sCw87hCpNjR:W0bv3BzTL7gQ6/Cwk2wdQwsCwNjR

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
6194ce0a96d3fad89ee44e2775501891_JaffaCakes118

Files

6194ce0a96d3fad89ee44e2775501891_JaffaCakes118
.exe windows:5 windows x86 arch:x86

8f71c25062d305e74872ad3619d140cd

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NO_BIND
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

PDB Paths

msnunin.pdb

Imports

advapi32

RegCloseKey
RegQueryValueExA
RegOpenKeyExA
RegSetValueExA
RegCreateKeyExA
RegDeleteKeyA
RegDeleteValueA
RegQueryInfoKeyA
FreeSid
EqualSid
GetTokenInformation
OpenProcessToken
AllocateAndInitializeSid
AdjustTokenPrivileges
LookupPrivilegeValueA

kernel32

lstrcpynA
CloseHandle
OpenProcess
ReleaseMutex
GetLastError
CreateMutexA
WritePrivateProfileStringA
MultiByteToWideChar
GetPrivateProfileStringA
FreeLibrary
WideCharToMultiByte
lstrcpyA
lstrcatA
lstrcmpiA
lstrlenA
lstrcmpA
RemoveDirectoryA
GetCurrentProcessId
CopyFileA
SetFileAttributesA
DeleteFileA
GetTempFileNameA
GetTempPathA
GetFileAttributesA
GetModuleFileNameA
GetProcAddress
LoadLibraryA
ExitProcess
GetCommandLineA
GetModuleHandleA
IsDBCSLeadByte
GetWindowsDirectoryA
GetSystemDirectoryA
FindClose
FindFirstFileA
FindNextFileA
GetVersionExA
LocalFree
LocalAlloc
GetCurrentProcess
GetExitCodeProcess
CreateProcessA
DebugBreak
TerminateProcess
SetUnhandledExceptionFilter

user32

LoadStringA
MessageBoxA
wsprintfA
EnumChildWindows
CharNextA
DispatchMessageA
TranslateMessage
FindWindowA
MsgWaitForMultipleObjects
ExitWindowsEx
CharPrevA
CharUpperA
PostMessageA
GetWindowThreadProcessId
CreateDialogParamA
PeekMessageA
DestroyWindow

ole32

CoCreateInstance
CLSIDFromString
CoUninitialize
CoInitialize

oleaut32

SysFreeString

Sections

.text
Size: 20KB - Virtual size: 16KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 4KB - Virtual size: 312B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 104KB - Virtual size: 101KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

8f71c25062d305e74872ad3619d140cd

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

advapi32

kernel32

user32

ole32

oleaut32

Sections

.text Size: 20KB - Virtual size: 16KB

.data Size: 4KB - Virtual size: 312B

.rsrc Size: 104KB - Virtual size: 101KB

.text
Size: 20KB - Virtual size: 16KB

.data
Size: 4KB - Virtual size: 312B

.rsrc
Size: 104KB - Virtual size: 101KB