66069049344143495d601cce89f4e102_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

66069049344143495d601cce89f4e102_JaffaCakes118
Size

63KB
MD5

66069049344143495d601cce89f4e102
SHA1

5f41a3c3a2761239efe781624cd90a3fdcbcbfb8
SHA256

d85dc551aaab642d0bfc528fdf91ae272689dc33075973b304a79bb0e709cc31
SHA512

1a4ab0d7e35a44eb6ffd2b6c2bfb5396c439c2bab9eda5f8db944c749cfbfe4175bb4319e0f85c6cc96ac51e9c53dca129cc6b14c07784ee5e8b7e401ec0e652
SSDEEP

1536:1vIdrWX0LXQdtd9DC02qlqOr4R5usUT1tksXzRp6I:1Or7LgjCfqlR6o1tksXzRsI

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
66069049344143495d601cce89f4e102_JaffaCakes118

Files

66069049344143495d601cce89f4e102_JaffaCakes118
.exe windows:4 windows x86 arch:x86

0d96fa193cef33907395deb30373232a

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

advapi32

CreateServiceA
FreeSid
GetSecurityDescriptorControl
OpenSCManagerA
QueryServiceStatus
RegDeleteValueA
RegSetValueExA
SetServiceStatus

kernel32

CompareStringA
CreateEventA
CreateMutexA
CreateThread
CreateToolhelp32Snapshot
DisableThreadLibraryCalls
EnumSystemLocalesA
ExitProcess
FileTimeToLocalFileTime
FindFirstFileA
FreeLibrary
GetConsoleOutputCP
GetCurrentDirectoryA
GetCurrentProcess
GetCurrentProcessId
GetCurrentThread
GetCurrentThreadId
GetEnvironmentStringsA
GetExitCodeProcess
GetFileSize
GetLastError
GetModuleFileNameA
GetModuleHandleA
GetPrivateProfileSectionNamesA
GetProcAddress
GetProcessHeap
GetStdHandle
GetSystemDirectoryA
GetSystemTime
GetSystemTimeAsFileTime
GetVersionExA
GetWindowsDirectoryA
GlobalAlloc
GlobalFree
GlobalHandle
HeapSize
InitializeCriticalSection
InterlockedCompareExchange
InterlockedIncrement
IsBadWritePtr
IsDebuggerPresent
IsValidCodePage
LCMapStringA
LeaveCriticalSection
LoadLibraryExA
LocalAlloc
LockResource
Module32First
OutputDebugStringA
QueryPerformanceCounter
RaiseException
ReadFile
ReadProcessMemory
ResetEvent
ResumeThread
SearchPathA
SetErrorMode
SetEvent
SetFileTime
SetHandleCount
SetStdHandle
SetThreadPriority
SetUnhandledExceptionFilter
Sleep
SuspendThread
TerminateProcess
UnhandledExceptionFilter
UnmapViewOfFile
VirtualAlloc
VirtualQuery
WaitForSingleObject
WideCharToMultiByte
WriteConsoleA
WritePrivateProfileStringA
lstrcmpA
lstrcmpiA
lstrcpynA

user32

CallNextHookEx
CharLowerA
CharNextA
CharPrevA
CharUpperA
CreateWindowExA
DefWindowProcA
DestroyWindow
EnableMenuItem
EqualRect
GetCapture
GetDlgItemTextA
GetMenuItemCount
GetSubMenu
GetWindowLongA
IntersectRect
MessageBoxA
PeekMessageA
PostMessageA
PtInRect
RegisterWindowMessageA
SendDlgItemMessageA
SendMessageA
SetWindowTextA
TrackPopupMenu
TranslateMessage
UnregisterClassA
wsprintfA

version

GetFileVersionInfoA
GetFileVersionInfoSizeA
VerQueryValueA

Sections

.text
Size: 26KB - Virtual size: 28KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.DATA
Size: 15KB - Virtual size: 24KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.idata
Size: 3KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.edata
Size: 15KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

0d96fa193cef33907395deb30373232a

Headers

File Characteristics

Imports

advapi32

kernel32

user32

version

Sections

.text Size: 26KB - Virtual size: 28KB

.DATA Size: 15KB - Virtual size: 24KB

.data Size: 512B - Virtual size: 4KB

.rdata Size: 512B - Virtual size: 4KB

.idata Size: 3KB - Virtual size: 4KB

.edata Size: 15KB - Virtual size: 16KB

.text
Size: 26KB - Virtual size: 28KB

.DATA
Size: 15KB - Virtual size: 24KB

.data
Size: 512B - Virtual size: 4KB

.rdata
Size: 512B - Virtual size: 4KB

.idata
Size: 3KB - Virtual size: 4KB

.edata
Size: 15KB - Virtual size: 16KB