Static task
static1
Behavioral task
behavioral1
Sample
6fb1e4ec62384616301558b93506ce59_JaffaCakes118.exe
Resource
win7-20240708-en
Behavioral task
behavioral2
Sample
6fb1e4ec62384616301558b93506ce59_JaffaCakes118.exe
Resource
win10v2004-20240709-en
General
Target: 6fb1e4ec62384616301558b93506ce59_JaffaCakes118
Size: 198KB
MD5: 6fb1e4ec62384616301558b93506ce59
SHA1: c4bc5f32698260059e73dfdad5a7e8b3e3ea4940
SHA256: 56093cc34cb0ebe87812ac6f86b0132b5c2cd1f675be290577166ebae68cd9bb
SHA512: 17b5f064f2a5d76a49961a2a6511c855e7068d2f4f65e12b9527ad5520c142c1e5d3044c84ba21451a1d73535885fffb8472f90837ab9f95ff38244e71503c62
SSDEEP: 3072:8ltzH4sNJRnuCC0r6vGK6awq7TbbFRnv3o680qtoI2811XZmp8TWS4zMtY+YnMfr:AMs9tC2K65C/fnvlqJ282p8TWLb+YMX
Malware Config
Signatures
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource 6fb1e4ec62384616301558b93506ce59_JaffaCakes118
Files
6fb1e4ec62384616301558b93506ce59_JaffaCakes118.exe windows:1 windows x86 arch:x86
09748c5ab47ec08fddd3dd445c72de29
Headers
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
kernel32
MoveFileExA
GetTickCount
GetSystemTimeAsFileTime
GetStartupInfoA
GetACP
RemoveDirectoryA
GetSystemDirectoryA
DeleteFileA
SetFilePointer
GetOEMCP
GetExitCodeProcess
TerminateProcess
FindFirstFileA
InterlockedExchange
lstrlenA
MapViewOfFile
CreateFileA
SetUnhandledExceptionFilter
Sleep
GetCommandLineA
FreeLibrary
CloseHandle
CreateDirectoryA
CreateFileMappingA
GetCommandLineW
GetCurrentProcess
SetFileAttributesA
GetCurrentProcessId
FindClose
GetLastError
InterlockedCompareExchange
GetProcessHeap
GetFileSize
lstrcpynA
GlobalAlloc
GetCurrentThreadId
lstrcatA
QueryPerformanceCounter
SetEndOfFile
GetPrivateProfileStringA
UnmapViewOfFile
GlobalFree
VirtualProtect
lstrcpyA
GetShortPathNameA
FindNextFileA
UnhandledExceptionFilter
GetProcAddress
CreateProcessA
GetModuleHandleA
GetVersionExA
WaitForSingleObject
GetWindowsDirectoryA
LoadLibraryA
msvcrt
_mbscmp
_acmdln
__getmainargs
memcpy
memset
__p__commode
_getcwd
__p__fmode
_initterm
strtok
_amsg_exit
_XcptFilter
__set_app_type
?terminate@@YAXXZ
_mbsicmp
_controlfp
exit
_exit
memmove
__setusermatherr
_mbsinc
_mbschr
_access
strstr
_mbsupr
malloc
_adjust_fdiv
_mbsstr
_ismbblead
_cexit
strchr
advapi32
GetTokenInformation
AdjustTokenPrivileges
CloseServiceHandle
RegEnumKeyExA
RegDeleteKeyA
ControlService
RegSetValueExA
RegOpenKeyExA
EqualSid
RegQueryValueExA
AllocateAndInitializeSid
FreeSid
RegCloseKey
DeleteService
OpenProcessToken
OpenSCManagerA
LookupPrivilegeValueA
RegDeleteValueA
OpenServiceA
user32
LoadIconA
MessageBoxA
wsprintfA
SendMessageA
ExitWindowsEx
LoadStringA
FindWindowA
setupapi
SetupDiCallClassInstaller
SetupDiOpenDevRegKey
SetupDiEnumDeviceInfo
SetupDiGetDeviceRegistryPropertyA
SetupDiDeleteDeviceInfo
SetupDiGetClassDevsA
ntdll
RtlUnwind
Sections
.text Size: 63KB - Virtual size: 62KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 3KB - Virtual size: 12KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 127KB - Virtual size: 1.1MB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 3KB - Virtual size: 2KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ