6a19fa3494dc34adfbb809eaed2f7481_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

6a19fa3494dc34adfbb809eaed2f7481_JaffaCakes118
Size

239KB
MD5

6a19fa3494dc34adfbb809eaed2f7481
SHA1

65c9cc3cc4e374bf1594af9813a5b5d599d4cc16
SHA256

839ed867ed5f6c0cc08c43a4f56c093379bd30e3da061e72ca1579f94e1be6ec
SHA512

c72d06be4e206d377b27b0b7ce97ba0971194b04e437e20cf6e17da16c0ace3e6b4a13db393ad7229a89a0d0c41c21c6cc4d9577155156becb6f351394627150
SSDEEP

3072:HtCbgyR38pxc2RSSr1O8JijA9h64XWRSwJSslwDE4SR:GfCpx62AA9hGRVxz4

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
6a19fa3494dc34adfbb809eaed2f7481_JaffaCakes118

Files

6a19fa3494dc34adfbb809eaed2f7481_JaffaCakes118
.exe windows:5 windows x86 arch:x86

123f993f0b83f1715d132e6f129d6958

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

g:\BestecProject\Partner\SVC\x86\Release90\SRVAPP.pdb

Imports

kernel32

CompareStringA
CompareStringW
FormatMessageA
LocalFree
GetModuleHandleA
GetProcAddress
OpenProcess
ExpandEnvironmentStringsA
CloseHandle
GetConsoleWindow
GetLastError
GetModuleFileNameA
GetSystemInfo
GetVersionExA
GetCurrentProcess
WTSGetActiveConsoleSessionId
CreateToolhelp32Snapshot
Process32First
ProcessIdToSessionId
Process32Next
Sleep
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
ReadFile
GetProcessHeap
SetEndOfFile
GetTimeZoneInformation
SetFilePointer
GetLocaleInfoW
FlushFileBuffers
GetConsoleMode
GetConsoleCP
RtlUnwind
HeapFree
HeapAlloc
GetModuleHandleW
ExitProcess
GetCommandLineA
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
InterlockedIncrement
SetLastError
GetCurrentThreadId
InterlockedDecrement
GetCurrentThread
TerminateProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
EnterCriticalSection
LeaveCriticalSection
HeapSize
HeapCreate
HeapDestroy
VirtualFree
DeleteCriticalSection
FatalAppExitA
VirtualAlloc
HeapReAlloc
WriteFile
GetStdHandle
GetStringTypeA
MultiByteToWideChar
GetStringTypeW
SetConsoleCtrlHandler
FreeLibrary
InterlockedExchange
LoadLibraryA
InitializeCriticalSectionAndSpinCount
LCMapStringA
WideCharToMultiByte
LCMapStringW
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
SetHandleCount
GetFileType
GetStartupInfoA
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime
RaiseException
GetTimeFormatA
GetDateFormatA
GetUserDefaultLCID
GetLocaleInfoA
EnumSystemLocalesA
IsValidLocale
CreateFileA
SetStdHandle
SetEnvironmentVariableA

user32

GetSystemMetrics

advapi32

CreateServiceA
LsaOpenPolicy
SetTokenInformation
DuplicateTokenEx
CreateProcessAsUserA
OpenProcessToken
LookupPrivilegeValueA
AdjustTokenPrivileges
LsaClose
LsaAddAccountRights
LookupAccountNameA
RegOpenKeyA
RegSetValueExA
RegCloseKey
QueryServiceConfigA
ChangeServiceConfigA
StartServiceA
SetServiceStatus
ControlService
QueryServiceConfig2A
OpenServiceA
DeleteService
RegisterServiceCtrlHandlerExA
StartServiceCtrlDispatcherA
ChangeServiceConfig2A
OpenSCManagerA
CloseServiceHandle

rasapi32

RasDialA

userenv

RefreshPolicyEx
CreateEnvironmentBlock
DestroyEnvironmentBlock

wtsapi32

WTSEnumerateSessionsA
WTSEnumerateProcessesA
WTSFreeMemory
WTSQuerySessionInformationA
WTSQueryUserToken

Sections

.text
Size: 196KB - Virtual size: 196KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 27KB - Virtual size: 26KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 6KB - Virtual size: 19KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

123f993f0b83f1715d132e6f129d6958

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

user32

advapi32

rasapi32

userenv

wtsapi32

Sections

.text Size: 196KB - Virtual size: 196KB

.rdata Size: 27KB - Virtual size: 26KB

.data Size: 6KB - Virtual size: 19KB

.idata Size: 5KB - Virtual size: 5KB

.rsrc Size: 3KB - Virtual size: 3KB

.text
Size: 196KB - Virtual size: 196KB

.rdata
Size: 27KB - Virtual size: 26KB

.data
Size: 6KB - Virtual size: 19KB

.idata
Size: 5KB - Virtual size: 5KB

.rsrc
Size: 3KB - Virtual size: 3KB