6fe26a5f3e6e24b2017fc858ace3934a_JaffaCakes118

General

Target

6fe26a5f3e6e24b2017fc858ace3934a_JaffaCakes118
Size

184KB
MD5

6fe26a5f3e6e24b2017fc858ace3934a
SHA1

e3fcdb3065714fa25822e4a6ae9eaa1d5d4f732a
SHA256

47a2378f3c53369fd9d3e375129a9334b5b09ab8e8d06e2582a075899200123f
SHA512

fdaedb63f223397c7b6e4227e0b408eb78f08d1d0163b4d59cfa692fe12bd7faaf223db505ec004d41292737e9fbecbd9160de606d5f869a3d507b77f66a4860
SSDEEP

3072:tfPU0kFFDjlDSXjxa/VgerJf5X2zNq9yR2gZ/Oy2s9e+MeKxzdpssU4nA2K8FdH3:FPKFFDSXF8Vn1fF2zJ4E3ZebXpssU4AI

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
6fe26a5f3e6e24b2017fc858ace3934a_JaffaCakes118

Files

6fe26a5f3e6e24b2017fc858ace3934a_JaffaCakes118
.exe windows:4 windows x86 arch:x86

4891fc44c16ae4311926116dab5e15a6

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

advapi32

RegCloseKey
RegSetValueExA
RegCreateKeyExA
CloseServiceHandle
CreateServiceA
StartServiceA
OpenServiceA
DeleteService
OpenSCManagerA
CryptReleaseContext
CryptGenRandom
CryptAcquireContextA
RegOpenKeyExA

ole32

CoInitialize
CoCreateGuid
CoCreateInstance

shlwapi

StrStrIA
SHEnumValueA
SHEnumKeyExA
SHGetValueA
SHSetValueA

rpcrt4

UuidToStringA

shell32

SHGetSpecialFolderPathA

user32

wsprintfA

imagehlp

ImageNtHeader

kernel32

FindFirstFileA
GetFileAttributesA
GetPrivateProfileStringA
FindNextFileA
WideCharToMultiByte
GetFileAttributesExA
SetFileTime
SleepEx
GetLocalTime
GetVersionExA
GetModuleHandleA
GetStartupInfoA
GetSystemDirectoryA
lstrlenA
GetLastError
CloseHandle
CreateFileA
ExitProcess

msvcrt

tolower
_controlfp
_except_handler3
__set_app_type
__p__fmode
__p__commode
_adjust_fdiv
__setusermatherr
_initterm
__getmainargs
_acmdln
exit
fwrite
fopen
strlen
sprintf
ispunct
strcat
strcpy
free
memcmp
memcpy
malloc
memset
time
isupper
isalpha
fclose
isalnum
islower
isgraph
strncpy
rand
wcscpy
isxdigit
mbstowcs
srand
atoi
isspace
??2@YAPAXI@Z
wctomb
__mb_cur_max
strerror
printf
_exit
_XcptFilter

Sections

.text
Size: 52KB - Virtual size: 49KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 20KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 108KB - Virtual size: 105KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

4891fc44c16ae4311926116dab5e15a6

Headers

File Characteristics

Imports

advapi32

ole32

shlwapi

rpcrt4

shell32

user32

imagehlp

kernel32

msvcrt

Sections

.text Size: 52KB - Virtual size: 49KB

.rdata Size: 20KB - Virtual size: 17KB

.data Size: 108KB - Virtual size: 105KB

.text
Size: 52KB - Virtual size: 49KB

.rdata
Size: 20KB - Virtual size: 17KB

.data
Size: 108KB - Virtual size: 105KB