709d77856c65f5e66330417e8d85c038_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

709d77856c65f5e66330417e8d85c038_JaffaCakes118
Size

324KB
MD5

709d77856c65f5e66330417e8d85c038
SHA1

230b55c8a0586e40f5947ce79da15ad8b5029dcc
SHA256

e4dbd24c864238710c2d0725fdbe8fa9e1c1efc36cd5df42ef2257af63900f92
SHA512

ab7f511608084c74029309e1d2acf3e4f643ebd8dd51de0552c2aee14cd63f98c7b541da7f646754b5e72ee90c0f424b81418ff7bf31101ea758fe3fb3c8128e
SSDEEP

6144:53c5mcJ5ubgnCwUs8smF6DSGLAV6MKS37ed3mZWYfWfz5C/67SvgD4K:5M535JnCRs8smF6DzPMKS3C80vCCSID

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
709d77856c65f5e66330417e8d85c038_JaffaCakes118

Files

709d77856c65f5e66330417e8d85c038_JaffaCakes118
.exe windows:5 windows x86 arch:x86

f1d1b3bd4cfa703442120f28749ad364

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

advapi32

OpenServiceA
RegOpenKeyA
QueryServiceStatus
StartServiceA
ChangeServiceConfigA
RegQueryValueExW
OpenSCManagerA
RegEnumKeyA
RegCloseKey
RegSetValueExA
RegOpenKeyExA
RegQueryValueExA
RegOpenKeyW
CloseServiceHandle

ntdll

LdrGetDllHandle
RtlUshortByteSwap
NtAllocateVirtualMemory

tapi32

lineShutdown
lineGetID
lineNegotiateAPIVersion
lineClose
lineGetDevCapsW
lineOpen
lineInitializeExW

ole32

CoUninitialize
CoCreateInstance
CoInitializeEx

setupapi

SetupDiGetDeviceInstanceIdW
SetupDiEnumDeviceInfo
SetupGetSourceInfoA
SetupCloseInfFile
SetupDiCallClassInstaller
SetupDiSetClassInstallParamsA
SetupDiCreateDeviceInfoList
SetupGetSourceFileLocationA
SetupDiDestroyDeviceInfoList
SetupDiOpenDevRegKey
SetupOpenMasterInf
SetupDiGetClassDevsW
SetupPromptForDiskA

user32

wsprintfA

kernel32

GetShortPathNameW
LCMapStringW
GetProcAddress
MultiByteToWideChar
CreateDirectoryW
LoadLibraryA
GlobalFree
WideCharToMultiByte
CloseHandle
GetStringTypeW
ExitProcess
GetProcessHeap
GetSystemInfo
lstrlenW
GetTempFileNameW
FreeLibrary
CreateFileA
lstrcmpiA
VirtualQuery
GetCPInfo
GetStringTypeA
Sleep
GetTickCount
DeleteFileW
GetModuleHandleA
HeapAlloc
lstrlenA
LCMapStringA
lstrcmpA
lstrcmpiW
GetVersionExA
GlobalAlloc
VirtualProtect
HeapFree
VirtualAlloc
HeapReAlloc
VirtualFree
GetLocaleInfoA
GetLastError
WriteFile
lstrcpyA
FormatMessageA

Sections

.text
Size: 15KB - Virtual size: 15KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 294KB - Virtual size: 294KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rdata
Size: 9KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 3KB - Virtual size: 1.4MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

f1d1b3bd4cfa703442120f28749ad364

Headers

DLL Characteristics

File Characteristics

Imports

advapi32

ntdll

tapi32

ole32

setupapi

user32

kernel32

Sections

.text Size: 15KB - Virtual size: 15KB

.rsrc Size: 294KB - Virtual size: 294KB

.rdata Size: 9KB - Virtual size: 9KB

.data Size: 3KB - Virtual size: 1.4MB

.tls Size: 512B - Virtual size: 4KB

.text
Size: 15KB - Virtual size: 15KB

.rsrc
Size: 294KB - Virtual size: 294KB

.rdata
Size: 9KB - Virtual size: 9KB

.data
Size: 3KB - Virtual size: 1.4MB

.tls
Size: 512B - Virtual size: 4KB