60d18448b06ddefb6be3832a5bed24c5_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

60d18448b06ddefb6be3832a5bed24c5_JaffaCakes118
Size

449KB
MD5

60d18448b06ddefb6be3832a5bed24c5
SHA1

1a4bbe9696beb68dbc1da6af7e5a670fca264559
SHA256

b65eca005eedb76dcc31fd395c112513f261ab121da5b1024c57bcd62bd09de0
SHA512

6b7b70f7dc2e9905bb02007c21ca16e4458eed791661249ab9fe38138e0bbda402758f89d3c5019b5640306ec21b3e6f3f33f0a8a1784c0fe4ed577b0fff5d8c
SSDEEP

12288:Szor9XvNSSZQrfTzhj/L2g9939tzML7BLSLi10:SzoJ1dZQFd99NAdLx10

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
60d18448b06ddefb6be3832a5bed24c5_JaffaCakes118

Files

60d18448b06ddefb6be3832a5bed24c5_JaffaCakes118
.exe windows:4 windows x86 arch:x86

e09d8d1c33967709c5ad27d73adc7691

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

gdi32

CreateFontIndirectW
DeleteObject
GetStockObject
GetDeviceCaps
GetObjectW

setupapi

SetupGetLineTextW
SetupDefaultQueueCallbackW
SetupFindFirstLineW
SetupQueueCopyW
SetupCloseInfFile
SetupOpenFileQueue
SetupSetDirectoryIdW
SetupFindNextLine
SetupOpenInfFileW
SetupGetStringFieldW
SetupCloseFileQueue
SetupCommitFileQueueW
SetupInstallFromInfSectionW
SetupOpenAppendInfFileW
SetupInitDefaultQueueCallbackEx
SetupTermDefaultQueueCallback

shlwapi

PathCombineW
StrChrW
PathAppendW
PathFileExistsW
StrRChrW
StrStrIW
PathRemoveFileSpecW
PathBuildRootW
PathAddBackslashW

rpcrt4

RpcStringFreeW

oleaut32

VariantClear

msvcrt

_setjmp3
memset
memcpy
_wtoi
_wcsnicmp
_adjust_fdiv
_vsnprintf
_XcptFilter
memmove
_amsg_exit
_wtol
free
longjmp
bsearch
_wcsicmp
malloc
_ultow
_initterm
_vsnwprintf

ole32

CoTaskMemFree
OleInitialize
OleUninitialize

version

GetFileVersionInfoSizeW
GetFileVersionInfoW
VerQueryValueW

advapi32

LookupPrivilegeValueW
CredRenameW
RegSaveKeyW
AdjustTokenPrivileges
OpenProcessToken
RegOpenKeyExA
CancelOverlappedAccess
GetTokenInformation
RegQueryValueExW
RegSetValueExW
FreeSid
RegCloseKey
ConvertSidToStringSidA
EqualSid
RegQueryInfoKeyW
RegSetValueW
BuildTrusteeWithNameA
ControlTraceA
RegEnumValueW
RegFlushKey
RegCreateKeyExW
RegEnumKeyW
RegDeleteValueW
CreateServiceW

kernel32

GetStartupInfoA

ntdll

NtAllocateVirtualMemory
RtlAdjustPrivilege

Sections

.text
Size: 12KB - Virtual size: 12KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 189KB - Virtual size: 189KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 118KB - Virtual size: 928KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 36B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.rdata
Size: 127KB - Virtual size: 127KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

e09d8d1c33967709c5ad27d73adc7691

Headers

File Characteristics

Imports

gdi32

setupapi

shlwapi

rpcrt4

oleaut32

msvcrt

ole32

version

advapi32

kernel32

ntdll

Sections

.text Size: 12KB - Virtual size: 12KB

.rsrc Size: 189KB - Virtual size: 189KB

.data Size: 118KB - Virtual size: 928KB

.reloc Size: 512B - Virtual size: 36B

.rdata Size: 127KB - Virtual size: 127KB

.text
Size: 12KB - Virtual size: 12KB

.rsrc
Size: 189KB - Virtual size: 189KB

.data
Size: 118KB - Virtual size: 928KB

.reloc
Size: 512B - Virtual size: 36B

.rdata
Size: 127KB - Virtual size: 127KB