694a591f406c007aecac4c6ead5a9131_JaffaCakes118

General

Target

694a591f406c007aecac4c6ead5a9131_JaffaCakes118
Size

46KB
MD5

694a591f406c007aecac4c6ead5a9131
SHA1

a0d2238cbf1be1558731021f512221b486e3cbfb
SHA256

afbeb5bc9b472772c36a8a3e8d774233281576e2a337cb1573508c3149a25dc8
SHA512

4d8edbd6d554d2d23dda489ef1a7418b759707aa3d1a3251864094145b173481d4ecf8e55d6aa4870faa482488d43343fd28bde1e6d83b735d4053c6dc69d960
SSDEEP

768:kcfKgNl01y/pyWXJx7Caq+722drmNPUVGRFEBacGHc1DzPIJg:kcCg77/XJ9va2drmN8ARFEBasPIg

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
694a591f406c007aecac4c6ead5a9131_JaffaCakes118

Files

694a591f406c007aecac4c6ead5a9131_JaffaCakes118
.exe windows:4 windows x86 arch:x86

642dc4db2b0194c7626cc7abec8eefa7

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

advapi32

LookupPrivilegeValueW
CopySid
GetSidIdentifierAuthority
CloseServiceHandle
LookupPrivilegeNameA
RegConnectRegistryA
IsValidSid
RegCreateKeyExA
LookupAccountSidA
QueryServiceConfigA
GetTokenInformation
AddAccessAllowedAce
QueryServiceObjectSecurity
IsValidSecurityDescriptor
RegDeleteKeyA

msvcrt

srand
memset
wcsncpy
memcmp
rand
qsort
_wctime
__p__fmode
fgets
_strcmpi
_wfopen
tolower
__getmainargs
memmove
_itow

ole32

CoTaskMemRealloc
CoGetMalloc
OleDoAutoConvert
OleCreateFromFile
CoLockObjectExternal
CoRegisterMallocSpy
CoGetCurrentProcess
OleCreateMenuDescriptor
OleQueryLinkFromData
CoGetObject
OleRegEnumFormatEtc
OleCreateLink
OleGetAutoConvert
CoFileTimeToDosDateTime
OleSetClipboard
OleCreate

kernel32

TerminateProcess
IsValidLocale
MulDiv
CreateEventA
ReadProcessMemory
GetConsoleMode
GetProcessAffinityMask
SetLastError
GetCPInfo
GetConsoleCP
GetSystemTimeAsFileTime
lstrcpynA
HeapFree
InterlockedIncrement
GetLocaleInfoW
MultiByteToWideChar
GetLocaleInfoA
TlsSetValue
ReadFile
QueryPerformanceCounter

Sections

.text
Size: 42KB - Virtual size: 41KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 944B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

642dc4db2b0194c7626cc7abec8eefa7

Headers

File Characteristics

Imports

advapi32

msvcrt

ole32

kernel32

Sections

.text Size: 42KB - Virtual size: 41KB

.data Size: 2KB - Virtual size: 12KB

.rsrc Size: 1024B - Virtual size: 944B

.text
Size: 42KB - Virtual size: 41KB

.data
Size: 2KB - Virtual size: 12KB

.rsrc
Size: 1024B - Virtual size: 944B