744f0ece8e76156f13d5100d90283a38_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

744f0ece8e76156f13d5100d90283a38_JaffaCakes118
Size

29KB
MD5

744f0ece8e76156f13d5100d90283a38
SHA1

9d5d2cb808405d7e6cab079e580676825121f7fe
SHA256

a7c8ec264341eeab74b6c5af16c3563cb46201030e81a22eb7d4519e0f222891
SHA512

2259cc548e0606ddcfb2d0884e74827080256e5f85956b3157f79d4bbabeb4e40c3052ab7d7407bb02ea05c901842cefca246a7de2124eb6f4debf53bdf92e67
SSDEEP

768:mVc877io7GvM/Uch3UM3YLSJ333IZ3JODCx:lVM/Us3ZoLSJ3nIZgw

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
744f0ece8e76156f13d5100d90283a38_JaffaCakes118

Files

744f0ece8e76156f13d5100d90283a38_JaffaCakes118
.exe windows:4 windows x86 arch:x86

41b86f5cff5139c96196d5a41cf8f83a

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

advapi32

LookupPrivilegeValueA
OpenProcessToken
RegOpenKeyExA
RegCloseKey
RegQueryValueExA

kernel32

DeleteCriticalSection
LeaveCriticalSection
EnterCriticalSection
InitializeCriticalSection
LocalFree
WriteFile
TlsGetValue
LocalAlloc
ReadFile
SetEndOfFile
GetSystemTime
GetStdHandle
MultiByteToWideChar
VirtualAlloc
TlsSetValue
WideCharToMultiByte
GetFileSize
SetFilePointer
VirtualFree
GetFileType
CreateFileA
CloseHandle
CloseHandle
LockResource
SetErrorMode
VirtualFree
CreateDirectoryA
ReadFile
GetFileSize
GetEnvironmentVariableA
SetFilePointer
CreateFileA
SetLastError
IsDBCSLeadByte
VirtualQuery
SizeofResource
GetModuleFileNameA
GetSystemInfo
WriteFile
LoadLibraryA
InterlockedExchange
LoadResource
GetSystemDefaultLCID
GetUserDefaultLangID
SetEndOfFile
RemoveDirectoryA
Sleep
GetLocaleInfoA
GetFileAttributesA
DeleteFileA
GetFullPathNameA
GetCurrentProcess
VirtualAlloc
FindResourceA
GetVersionExA
GetCommandLineA
GetACP
CreateProcessA
FormatMessageA
GetExitCodeProcess
VirtualProtect
GetWindowsDirectoryA

oleaut32

VariantChangeTypeEx
SysStringLen
VariantCopyInd
VariantClear
SysAllocStringLen

comctl32

InitCommonControls

winspool.drv

EnumPrinterDataA

Sections

CONST
Size: 7KB - Virtual size: 6KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 6KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ

4eafbDDj
Size: 13KB - Virtual size: 43KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

41b86f5cff5139c96196d5a41cf8f83a

Headers

DLL Characteristics

File Characteristics

Imports

advapi32

kernel32

oleaut32

comctl32

winspool.drv

Sections

CONST Size: 7KB - Virtual size: 6KB

.data Size: 6KB - Virtual size: 9KB

.rdata Size: 2KB - Virtual size: 1KB

4eafbDDj Size: 13KB - Virtual size: 43KB

CONST
Size: 7KB - Virtual size: 6KB

.data
Size: 6KB - Virtual size: 9KB

.rdata
Size: 2KB - Virtual size: 1KB

4eafbDDj
Size: 13KB - Virtual size: 43KB