67cf4e33681082c399e8faa20f57cfc3_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

67cf4e33681082c399e8faa20f57cfc3_JaffaCakes118
Size

76KB
MD5

67cf4e33681082c399e8faa20f57cfc3
SHA1

488734899dddf37a15bbbb10c7b8620d61aedf64
SHA256

4f6839dc9f37b664be20c93ef5a761e4e043f0580a3f55c73cad75177fe9ce39
SHA512

a75db1d8238759d95e7dc6ba9bfd875f1a58505b07712d77161307cefdf4112fe5622110fcf33ad36289a0056092d56197dbaca0467ae413248a8917d355ba9f
SSDEEP

1536:2RZ7dQbNJ5MruzvN5Wi7MfgBHIjpo8GIu:2RZ7dQpJ12EMfgBHIjpo8GIu

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
67cf4e33681082c399e8faa20f57cfc3_JaffaCakes118

Files

67cf4e33681082c399e8faa20f57cfc3_JaffaCakes118
.exe windows:4 windows x86 arch:x86

b7a3421314dfa9bffcd2a399f473af57

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

hprbutil

?GetDwordValue@CHPRBReg@@QAEJPBDPAK@Z
??0CHPRBReg@@QAE@XZ

kernel32

GetShortPathNameA
SizeofResource
LoadResource
FindResourceA
GetLastError
LoadLibraryExA
lstrcpynA
MultiByteToWideChar
FreeLibrary
LoadLibraryA
lstrcatA
GetCurrentProcess
GetCurrentThread
CreateSemaphoreA
GetCurrentProcessId
ReleaseSemaphore
lstrlenA
InterlockedIncrement
GetModuleFileNameA
GetCurrentThreadId
GetCommandLineA
lstrcmpiA
InterlockedDecrement
InterlockedCompareExchange
InterlockedExchange
lstrcpyA
EnterCriticalSection
lstrlenW
WideCharToMultiByte
WaitForMultipleObjects
SetEvent
LeaveCriticalSection
CloseHandle
WaitForSingleObject
ReleaseMutex
InitializeCriticalSection
SignalObjectAndWait
DeleteCriticalSection
CreateThread
CreateEventA
CreateMutexA
IsDBCSLeadByte
GetProcAddress
LCMapStringA
FreeEnvironmentStringsA
IsBadCodePtr
IsBadReadPtr
SetUnhandledExceptionFilter
WriteFile
GetFileType
GetStdHandle
SetHandleCount
GetEnvironmentStringsW
SetFilePointer
FlushFileBuffers
SetStdHandle
GetStringTypeW
GetStringTypeA
LCMapStringW
VirtualAlloc
VirtualFree
IsBadWritePtr
HeapDestroy
GetVersionExA
HeapCreate
HeapSize
TerminateProcess
GetEnvironmentVariableA
GetACP
GetCPInfo
UnhandledExceptionFilter
FreeEnvironmentStringsW
RtlUnwind
GetOEMCP
ExitProcess
GetVersion
GetEnvironmentStrings
HeapAlloc
GetModuleHandleA
GetStartupInfoA
HeapFree
HeapReAlloc

user32

GetMessageA
CharNextA
PostThreadMessageA
DispatchMessageA
LoadStringA
MessageBoxA

advapi32

GetLengthSid
RegQueryInfoKeyA
RegEnumValueA
InitializeSecurityDescriptor
SetSecurityDescriptorDacl
RegCreateKeyExA
RegDeleteKeyA
RegEnumKeyExA
ControlService
DeleteService
StartServiceCtrlDispatcherA
RegDeleteValueA
RegSetValueExA
CreateServiceA
RegisterServiceCtrlHandlerA
RegisterEventSourceA
SetServiceStatus
DeregisterEventSource
OpenSCManagerA
ReportEventA
CloseServiceHandle
RegOpenKeyExA
OpenServiceA
RegCloseKey
CopySid
RegQueryValueExA
SetSecurityDescriptorGroup
OpenProcessToken
SetSecurityDescriptorOwner
GetTokenInformation
OpenThreadToken

ole32

CoCreateInstance
CoRevokeClassObject
CoRegisterClassObject
CoTaskMemRealloc
CoInitializeSecurity
CoTaskMemFree
CoTaskMemAlloc
CoInitialize
CoUninitialize

oleaut32

SysStringByteLen
RegisterTypeLi
VarUI4FromStr
SafeArrayGetDim
SafeArrayGetLBound
SysFreeString
SafeArrayUnaccessData
SafeArrayGetElemsize
SysStringLen
VariantClear
VariantInit
VariantCopyInd
SysAllocString
SysAllocStringLen
LoadRegTypeLi
VariantChangeType
SafeArrayAccessData
SafeArrayGetUBound
LoadTypeLi

Sections

.text
Size: 44KB - Virtual size: 42KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 8KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.fz
Size: 510B - Virtual size: 510B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

b7a3421314dfa9bffcd2a399f473af57

Headers

File Characteristics

Imports

hprbutil

kernel32

user32

advapi32

ole32

oleaut32

Sections

.text Size: 44KB - Virtual size: 42KB

.rdata Size: 8KB - Virtual size: 6KB

.data Size: 12KB - Virtual size: 17KB

.rsrc Size: 8KB - Virtual size: 8KB

.fz Size: 510B - Virtual size: 510B

.text
Size: 44KB - Virtual size: 42KB

.rdata
Size: 8KB - Virtual size: 6KB

.data
Size: 12KB - Virtual size: 17KB

.rsrc
Size: 8KB - Virtual size: 8KB

.fz
Size: 510B - Virtual size: 510B