70121ad3f5c8fb91122933081d2e9fa9_JaffaCakes118

General

Target

70121ad3f5c8fb91122933081d2e9fa9_JaffaCakes118
Size

220KB
MD5

70121ad3f5c8fb91122933081d2e9fa9
SHA1

e62de00526ad2966a16900d4f2d5c8d4123e5f49
SHA256

626ccab29cab5f331f57654da3be68702cebeb73e585c3a38bc8fcd3dc33c003
SHA512

2ac197bc3f8b435055b2384581ccb8fdb983ddff6ef0250489aff82e7dde8283f4ea29404a0eb127f72f7cc855a47c193fa87353a562cbca6e8bbf3378fc9af2
SSDEEP

3072:b/WJnVA3TCwDuoqALZPxdyHf+IQm3/4VWq1ArVVdzaQd50Y1bYe9pcB1XzCLZBzq:b/WJnO9jLZPzmsM0EKC0gbYeMTkamt

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
70121ad3f5c8fb91122933081d2e9fa9_JaffaCakes118

Files

70121ad3f5c8fb91122933081d2e9fa9_JaffaCakes118
.exe windows:4 windows x86 arch:x86

2fa52687c20f4032d375ccb177676f05

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetCurrentThreadId
SetLastError
CreateProcessA
CreateThread
GetModuleHandleA
GetProcAddress
GetWindowsDirectoryA
CreateMutexA
Sleep
GetModuleFileNameA
GetLastError
CreateEventA
CloseHandle
WaitForSingleObject
DeleteFileA
SetEvent
GetVolumeInformationA
GetLocalTime
ResumeThread
TlsSetValue
ExitThread
HeapAlloc
GetCommandLineA
GetVersion
ExitProcess
EnterCriticalSection
LeaveCriticalSection
HeapFree
InitializeCriticalSection
TlsAlloc
TlsGetValue
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
RtlUnwind
ReadFile
HeapDestroy
HeapCreate
VirtualFree
DeleteCriticalSection
VirtualAlloc
HeapReAlloc
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
SetFilePointer
InterlockedDecrement
InterlockedIncrement
FreeEnvironmentStringsA
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStrings
GetEnvironmentStringsW
WriteFile
SetStdHandle
FlushFileBuffers
CreateFileA
GetCPInfo
MultiByteToWideChar
LCMapStringA
LCMapStringW
GetACP
GetOEMCP
LoadLibraryA
SetEndOfFile
GetStringTypeA
GetStringTypeW

advapi32

RegQueryValueExA
StartServiceCtrlDispatcherA
InitializeSecurityDescriptor
SetSecurityDescriptorDacl
OpenServiceA
ControlService
QueryServiceStatus
DeleteService
OpenSCManagerA
CreateServiceA
CloseServiceHandle
SetServiceStatus
RegCloseKey
RegOpenKeyA

shlwapi

PathFileExistsA

Sections

.text
Size: 28KB - Virtual size: 27KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 180KB - Virtual size: 184KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

2fa52687c20f4032d375ccb177676f05

Headers

File Characteristics

Imports

kernel32

advapi32

shlwapi

Sections

.text Size: 28KB - Virtual size: 27KB

.rdata Size: 4KB - Virtual size: 3KB

.data Size: 180KB - Virtual size: 184KB

.rsrc Size: 4KB - Virtual size: 2KB

.text
Size: 28KB - Virtual size: 27KB

.rdata
Size: 4KB - Virtual size: 3KB

.data
Size: 180KB - Virtual size: 184KB

.rsrc
Size: 4KB - Virtual size: 2KB