71226e3664755bdd27e504f6e6657681_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

71226e3664755bdd27e504f6e6657681_JaffaCakes118
Size

324KB
MD5

71226e3664755bdd27e504f6e6657681
SHA1

32bf4ac1671fd85be91fe506e71b7ed9cc8fe6f4
SHA256

14cfd4670c9d823e04c118546cdaf36fb64e4dbbcc883920096a5494cf041c87
SHA512

b51d2a9da4119aaf876a62d06d0deacefa6297c0916011576067894cfbeced3a808714193aac6ceaa40154fa12394803dd8be386b395002db15151e4703b224f
SSDEEP

6144:rIctQ3ylY9ymSv0mtV/Lb7jvv2TOUeYvjcBqJRyjHj/PlVbG6y0hEnqCl3:rIFt9vSv0cTTX2TvjEj1VbGh0h

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
71226e3664755bdd27e504f6e6657681_JaffaCakes118

Files

71226e3664755bdd27e504f6e6657681_JaffaCakes118
.exe windows:5 windows x86 arch:x86

0639d70c460a2dbdc4b5e1eea251f763

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

user32

wsprintfA

kernel32

GetStringTypeW
LCMapStringA
lstrcmpA
GetStringTypeA
lstrlenW
DeleteFileW
GlobalFree
HeapReAlloc
lstrcmpiA
GetModuleHandleA
GetTempPathW
GetProcessHeap
GetCPInfo
GetSystemInfo
LCMapStringW
GlobalAlloc
WriteFile
lstrcpyA
lstrlenA
GetLastError
VirtualProtect
CloseHandle
GetProcAddress
GetTempFileNameW
GetShortPathNameW
GetVersionExA
GetLocaleInfoA
CreateFileA
Sleep
CreateDirectoryW
FormatMessageA
LoadLibraryA
FreeLibrary
LoadLibraryW
GetTickCount
VirtualAlloc
lstrcmpiW
MultiByteToWideChar
HeapFree
ExitProcess
VirtualFree
HeapAlloc

setupapi

SetupDiDestroyDeviceInfoList
SetupPromptForDiskA
SetupDiOpenDevRegKey
SetupCloseInfFile
SetupDiGetDeviceInstanceIdW
SetupDiGetClassDevsW
SetupDiSetClassInstallParamsA
SetupDiCreateDeviceInfoList
SetupGetSourceFileLocationA
SetupDiCallClassInstaller
SetupDiEnumDeviceInfo
SetupGetSourceInfoA
SetupOpenMasterInf

ole32

CoCreateInstance
CoInitializeEx
CoUninitialize

tapi32

lineInitializeExW
lineGetID
lineOpen
lineClose
lineGetDevCapsW
lineShutdown
lineNegotiateAPIVersion

advapi32

RegQueryValueExW
CloseServiceHandle
RegCloseKey
ChangeServiceConfigA
RegQueryValueExA
RegSetValueExA
OpenServiceA
RegOpenKeyA
RegEnumKeyA
RegOpenKeyW
QueryServiceStatus
RegOpenKeyExA
StartServiceA
OpenSCManagerA

ntdll

NtAllocateVirtualMemory
RtlUshortByteSwap
LdrGetDllHandle

Sections

.text
Size: 15KB - Virtual size: 15KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 294KB - Virtual size: 294KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rdata
Size: 9KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 3KB - Virtual size: 1.4MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

0639d70c460a2dbdc4b5e1eea251f763

Headers

DLL Characteristics

File Characteristics

Imports

user32

kernel32

setupapi

ole32

tapi32

advapi32

ntdll

Sections

.text Size: 15KB - Virtual size: 15KB

.rsrc Size: 294KB - Virtual size: 294KB

.rdata Size: 9KB - Virtual size: 9KB

.data Size: 3KB - Virtual size: 1.4MB

.tls Size: 512B - Virtual size: 4KB

.text
Size: 15KB - Virtual size: 15KB

.rsrc
Size: 294KB - Virtual size: 294KB

.rdata
Size: 9KB - Virtual size: 9KB

.data
Size: 3KB - Virtual size: 1.4MB

.tls
Size: 512B - Virtual size: 4KB