61d3ae462720d862102b29f5eaa01a7f_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

61d3ae462720d862102b29f5eaa01a7f_JaffaCakes118
Size

328KB
MD5

61d3ae462720d862102b29f5eaa01a7f
SHA1

ddc2e772868d543e1f65471d422b225acea3ead5
SHA256

40ad1f351cdbe0763fd0857e61c7e93ff5d46c5832706735e922cda4873f9804
SHA512

98e068bac8418b155d4fde0d5606c5272a27a4257ca3a0ee6cefc483cd7c7f33e12b4d0d579ec2b1fe69d3f186ca334789f738817832783dbe8d9dc94316c705
SSDEEP

6144:SVtisu1+wTe+owFK2nAZrgnLsqT2A/te9YJcnqpd+2AqkysHBg82JWXC:SVtiB1+oFUrSIU2xzqz+2AqkDHIJUC

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
61d3ae462720d862102b29f5eaa01a7f_JaffaCakes118

Files

61d3ae462720d862102b29f5eaa01a7f_JaffaCakes118
.exe windows:4 windows x86 arch:x86

b24a7d6ba5c51be69335f69eaf02e41a

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

SetUnhandledExceptionFilter
CloseHandle
UnhandledExceptionFilter
GetModuleHandleA
GetCurrentProcess
GetSystemTimeAsFileTime
GetTickCount
QueryPerformanceCounter
GetSystemDirectoryW
GetCurrentThreadId
Sleep
GetCurrentProcessId
lstrcatW
TerminateProcess
CreateProcessW
GetProcessVersion
lstrcpyW
lstrlenW
GetFileAttributesW
VirtualFree
VirtualProtect
GetCommandLineA
GetStartupInfoA

user32

SetActiveWindow
KillTimer
SetTimer
GetWindowRect
GetSystemMenu
PostThreadMessageW
GetDesktopWindow
SendMessageW
OpenInputDesktop
OpenDesktopW
GetUserObjectInformationW
CloseDesktop
SetForegroundWindow
MsgWaitForMultipleObjects
TranslateMessage
DispatchMessageW
PostMessageW
EndDialog
GetFocus

advapi32

FreeSid
AllocateAndInitializeSid
RevertToSelf
RegQueryValueExW
RegCloseKey
RegOpenKeyExW
QueryServiceStatus
CloseServiceHandle
OpenServiceW
OpenSCManagerW
DuplicateTokenEx
DuplicateToken
ControlService
ImpersonateLoggedOnUser
StartServiceW
CreateProcessAsUserW
CheckTokenMembership
GetUserNameW

rpcrt4

RpcBindingSetAuthInfoExW
NdrClientCall2
RpcBindingFree
RpcBindingFromStringBindingW

msvcrt

_controlfp
__set_app_type
__p__fmode
__p__commode
_adjust_fdiv
__setusermatherr
_initterm
__getmainargs
_acmdln
exit
_XcptFilter
_exit
_wsplitpath
_wremove
wcscspn
_except_handler3
_wcsicmp

Sections

.text
Size: 317KB - Virtual size: 317KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 307KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

b24a7d6ba5c51be69335f69eaf02e41a

Headers

File Characteristics

Imports

kernel32

user32

advapi32

rpcrt4

msvcrt

Sections

.text Size: 317KB - Virtual size: 317KB

.rdata Size: 2KB - Virtual size: 2KB

.data Size: 4KB - Virtual size: 307KB

.rsrc Size: 3KB - Virtual size: 2KB

.text
Size: 317KB - Virtual size: 317KB

.rdata
Size: 2KB - Virtual size: 2KB

.data
Size: 4KB - Virtual size: 307KB

.rsrc
Size: 3KB - Virtual size: 2KB