Static task
static1
Behavioral task
behavioral1
Sample
627975a5905e4af95afe7c3acbcdc4b5_JaffaCakes118.exe
Resource
win7-20240704-en
Behavioral task
behavioral2
Sample
627975a5905e4af95afe7c3acbcdc4b5_JaffaCakes118.exe
Resource
win10v2004-20240709-en
General
Target
627975a5905e4af95afe7c3acbcdc4b5_JaffaCakes118
Size
91KB
MD5
627975a5905e4af95afe7c3acbcdc4b5
SHA1
945400edd5d21d0db75481cc5fd5814f7e030c43
SHA256
9ff402704a51bc2b8db694e62828898374cf3f4b55368af2f0b78a08d54ee90d
SHA512
a642858469e4a78078b48f9fc456c29312783b5a3e3292e705a08851e6e13e82039b2b8c24dfb2636f6484853893c4e4234c7ee1fb801e2492ea48ad69be9059
SSDEEP
1536:suUElq7wXpT5dfTmqeM7KdxM316bmCOSPFP6MOGnGFlUzC7AlRghyYAi9YCd:s7ElqUZXmcUy1MdPCFlkC7Al+hyXiiC
Malware Config
Signatures
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource 627975a5905e4af95afe7c3acbcdc4b5_JaffaCakes118
Files
627975a5905e4af95afe7c3acbcdc4b5_JaffaCakes118.exe windows:4 windows x86 arch:x86
aa75c5757500201ee00597bd997d5f70
Headers
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
kernel32
GetModuleHandleA
GetOEMCP
GetProcAddress
GetProcessHeap
GetStartupInfoA
GetStdHandle
GetStringTypeA
GetStringTypeW
GetVersion
GetVersionExA
HeapAlloc
HeapCreate
HeapDestroy
HeapFree
HeapReAlloc
LCMapStringA
LoadLibraryA
LocalAlloc
LocalFree
GetModuleFileNameA
RtlUnwind
SearchPathA
SetEvent
SetHandleCount
Sleep
TerminateProcess
UnhandledExceptionFilter
VirtualAlloc
VirtualFree
WaitForMultipleObjects
WaitForSingleObject
WideCharToMultiByte
WinExec
WriteFile
lstrcmpA
lstrcmpiA
lstrcpyA
lstrlenA
GetLastError
GetFileType
GetEnvironmentStringsA
GetCurrentProcess
GetCommandLineA
GetACP
FreeEnvironmentStringsW
FreeEnvironmentStringsA
ExitProcess
DeviceIoControl
CreateProcessA
CreateMutexA
CreateEventA
MultiByteToWideChar
CloseHandle
setupapi
SetupDiSetClassInstallParamsA
SetupDiGetDeviceInterfaceDetailA
SetupDiGetDeviceInstanceIdA
SetupDiGetClassDevsA
SetupDiEnumDeviceInfo
SetupDiDestroyDeviceInfoList
SetupDiCallClassInstaller
advapi32
InitializeSecurityDescriptor
InitializeAcl
GetLengthSid
FreeSid
AllocateAndInitializeSid
RegCreateKeyA
RegCreateKeyExA
RegDeleteValueA
RegOpenKeyA
RegOpenKeyExA
RegQueryValueExA
RegSetValueExA
SetSecurityDescriptorDacl
RegCloseKey
user32
CreatePopupMenu
CreateWindowExA
DefWindowProcA
DestroyMenu
DispatchMessageA
GetClassNameA
GetCursorPos
GetDC
GetDesktopWindow
GetMenuCheckMarkDimensions
GetMessageA
GetSysColor
GetWindow
InsertMenuItemA
LoadCursorA
LoadIconA
LoadImageA
LoadStringA
PostMessageA
PostQuitMessage
RegisterClassA
ReleaseDC
SendMessageA
SetForegroundWindow
ShowWindow
SystemParametersInfoA
TranslateMessage
winmm
mixerGetDevCapsA
mixerGetID
mixerGetNumDevs
mixerOpen
waveInGetDevCapsA
waveInGetNumDevs
mixerClose
Sections
.text Size: 78KB - Virtual size: 80KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.data Size: 9KB - Virtual size: 12KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 1KB - Virtual size: 4KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 1KB - Virtual size: 4KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ