64ecbbd15ff9f84c8e74766f1c8c928f_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

64ecbbd15ff9f84c8e74766f1c8c928f_JaffaCakes118
Size

26KB
MD5

64ecbbd15ff9f84c8e74766f1c8c928f
SHA1

7f19ea485c60298304aad9bea51e3b670dff9775
SHA256

476c99698d69aa11d35a5200ff3c160fc45a721741896b51df9a53f2c242ef4b
SHA512

27ef9dae374c8966f74ff5bcac66b4154ed29fbcdf839ca19bfeff6b8d22dc9b1460d2cd33332b6da80345fc7b7730cca7005e707f62a02c6184208f60be15ae
SSDEEP

768:HS8wg+O/DM7mPYmta3bwqHFk++TQbPSulz4K:HOg+O/DM7mPztkGQb3lzL

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
64ecbbd15ff9f84c8e74766f1c8c928f_JaffaCakes118

Files

64ecbbd15ff9f84c8e74766f1c8c928f_JaffaCakes118
.exe windows:4 windows x86 arch:x86

f9655a67968841d432d338adced38c2c

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

advapi32

AllocateAndInitializeSid
GetTokenInformation
RegDeleteKeyW
RegDeleteValueW
FreeSid
RegSetValueExW
RegSetValueW
OpenProcessToken
RegEnumValueW
RegEnumKeyW
RegUnLoadKeyW
RegQueryInfoKeyW
RegQueryValueExW
RegCloseKey
EqualSid
RegOpenKeyExA
RegOpenKeyExW
AdjustTokenPrivileges
RegSaveKeyW
RegFlushKey
RegLoadKeyW
RegCreateKeyExW
RegQueryValueExA
LookupPrivilegeValueW

gdi32

GetObjectW
CreateFontIndirectW
GetStockObject
DeleteObject
GetDeviceCaps

setupapi

SetupCommitFileQueueW
SetupQueueCopyW
SetupInstallFromInfSectionW
SetupTermDefaultQueueCallback
SetupInitDefaultQueueCallbackEx
SetupFindNextLine
SetupCloseInfFile
SetupDefaultQueueCallbackW
SetupCloseFileQueue
SetupGetStringFieldW
SetupOpenFileQueue
SetupSetDirectoryIdW
SetupGetLineTextW
SetupOpenAppendInfFileW
SetupFindFirstLineW
SetupOpenInfFileW

kernel32

GetStartupInfoA

msvcrt

_wtoi
_initterm
free
memmove
_vsnprintf
longjmp
_wtol
_wcsnicmp
_vsnwprintf
_adjust_fdiv
bsearch
_setjmp3
malloc
memset
_wcsicmp
_ultow
_XcptFilter
_amsg_exit
memcpy

ntdll

NtAllocateVirtualMemory
RtlAdjustPrivilege

shlwapi

PathRemoveFileSpecW
StrStrIW
StrRChrW
PathAddBackslashW
PathAppendW
StrChrW
PathCombineW
PathBuildRootW
PathFileExistsW

oleaut32

VariantClear

ole32

CoTaskMemFree
OleInitialize
OleUninitialize

rpcrt4

RpcStringFreeW

version

GetFileVersionInfoW
VerQueryValueW
GetFileVersionInfoSizeW

Sections

.text
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 14KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 40KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

f9655a67968841d432d338adced38c2c

Headers

DLL Characteristics

File Characteristics

Imports

advapi32

gdi32

setupapi

kernel32

msvcrt

ntdll

shlwapi

oleaut32

ole32

rpcrt4

version

Sections

.text Size: 4KB - Virtual size: 4KB

.rsrc Size: 14KB - Virtual size: 14KB

.data Size: 512B - Virtual size: 40KB

.rdata Size: 5KB - Virtual size: 5KB

.text
Size: 4KB - Virtual size: 4KB

.rsrc
Size: 14KB - Virtual size: 14KB

.data
Size: 512B - Virtual size: 40KB

.rdata
Size: 5KB - Virtual size: 5KB