6a4cebfe159b8328a244aba8d035d446_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

6a4cebfe159b8328a244aba8d035d446_JaffaCakes118
Size

57KB
MD5

6a4cebfe159b8328a244aba8d035d446
SHA1

095c67f8419e1061ac4c7c119e55d321c0427e24
SHA256

f2ccb1d183dd58867d67b9dcba62c863b0893e97c12fe8a807e7ef91f9f7110e
SHA512

777446335b186ed45a36aad7d237dd341bfc02c51086007fc7a95a6d1830c7d8f9795ea07315473f4ee1d46fbb5c1fbdff43803178eaa230604fed30f9ed2bdd
SSDEEP

1536:nvdp7KLDfzAgdRtp7Uybjz5k3xbTV0d46YpluFRJ:nvdp7KLPAUfp7Uaz5qbTKH8k

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
6a4cebfe159b8328a244aba8d035d446_JaffaCakes118

Files

6a4cebfe159b8328a244aba8d035d446_JaffaCakes118
.exe windows:5 windows x86 arch:x86

1c05fd3bddd06f78ebb6d2c6012886a3

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

PDB Paths

iisrstas.pdb

Imports

msvcrt

__set_app_type
_except_handler3
swprintf
__p__fmode
__p__commode
_adjust_fdiv
__setusermatherr
_c_exit
_initterm
__getmainargs
__initenv
exit
_cexit
_XcptFilter
_exit
wcscmp
_wcsicmp
wcslen
??2@YAPAXI@Z
??3@YAXPAX@Z
_strcmpi
_purecall
malloc
iswctype
_wtol
free
_controlfp
realloc

atl

ord32
ord20
ord17
ord23
ord21
ord16

advapi32

MakeSelfRelativeSD
FreeSid
GetSecurityDescriptorLength
MakeAbsoluteSD
AllocateAndInitializeSid
GetSecurityDescriptorDacl
GetSecurityDescriptorSacl
GetSecurityDescriptorOwner
GetSecurityDescriptorGroup
SetSecurityDescriptorDacl
EqualSid
DeleteAce
AddAccessAllowedAce
InitializeAcl
AddAccessDeniedAce
GetAclInformation
GetAce
AddAce
LookupAccountNameW
SetSecurityDescriptorGroup
SetSecurityDescriptorOwner
GetLengthSid
InitializeSecurityDescriptor
RegSetValueExW
RegCreateKeyExW
InitiateSystemShutdownW
RegisterEventSourceW
ReportEventW
DeregisterEventSource
AdjustTokenPrivileges
LookupPrivilegeValueW
OpenProcessToken
RegCloseKey
RegQueryValueExW
RegOpenKeyExW
ControlService
CloseServiceHandle
EnumDependentServicesW
OpenServiceW
LookupAccountSidW
GetTokenInformation
QueryServiceStatus
StartServiceW
QueryServiceConfigW
OpenSCManagerW

kernel32

GetModuleHandleA
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetSystemTimeAsFileTime
QueryPerformanceCounter
EnterCriticalSection
LeaveCriticalSection
LoadLibraryW
GetProcAddress
FreeLibrary
FormatMessageW
GetVersionExW
LocalAlloc
LocalFree
GetTickCount
GetCurrentProcessId
GetCommandLineW
GetModuleHandleW
GetCurrentThreadId
CreateEventW
CreateThread
SetEvent
InterlockedDecrement
InterlockedIncrement
GetLastError
GetCurrentProcess
CloseHandle
OpenProcess
Sleep
TerminateProcess
WaitForSingleObject
lstrcmpiW
lstrlenW
lstrcpyW
ReadProcessMemory
InitializeCriticalSection
DeleteCriticalSection

user32

wsprintfW
GetMessageW
DispatchMessageW
CharNextW
PostThreadMessageW
wsprintfA
EnumWindows
GetWindowThreadProcessId
GetWindowTextW
PostMessageW

ole32

CoInitializeEx
CoInitializeSecurity
CoUninitialize

oleaut32

LoadRegTypeLi
SetErrorInfo

ntdll

NtQueryInformationProcess

Sections

.text
Size: 20KB - Virtual size: 20KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 512B - Virtual size: 280B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 35KB - Virtual size: 36KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

pmpeuvz
Size: - Virtual size: 4KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

1c05fd3bddd06f78ebb6d2c6012886a3

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

msvcrt

atl

advapi32

kernel32

user32

ole32

oleaut32

ntdll

Sections

.text Size: 20KB - Virtual size: 20KB

.data Size: 512B - Virtual size: 280B

.rsrc Size: 35KB - Virtual size: 36KB

pmpeuvz Size: - Virtual size: 4KB

.text
Size: 20KB - Virtual size: 20KB

.data
Size: 512B - Virtual size: 280B

.rsrc
Size: 35KB - Virtual size: 36KB

pmpeuvz
Size: - Virtual size: 4KB