84a5954dea3886f956154c0c62b94361_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

84a5954dea3886f956154c0c62b94361_JaffaCakes118
Size

164KB
MD5

84a5954dea3886f956154c0c62b94361
SHA1

561c45aea35a379389b01b1187fe112ff5cc7b72
SHA256

b27c5ddf3e6b921f8bd49ceea165dcae820754d1a68fa1d876228706111072cd
SHA512

acb43f8ac62a1696128f1581173f978b3a05fbb1ac057fd14419198f3fb414276b77459f8585f68943d64feb0f9636d73ce1b91f265d1053c2ce87ada876f6ed
SSDEEP

3072:S+Mal4Wx9yfhIVY0iUq5e6bftUNhLEmb7jrcE870NIfYKpMBro9cCxMFII:ryWu29hq86btEXcEJefYKpMGAII

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
84a5954dea3886f956154c0c62b94361_JaffaCakes118

Files

84a5954dea3886f956154c0c62b94361_JaffaCakes118
.exe windows:4 windows x86 arch:x86

92e8d6af06be29f150e9135ef11890f1

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

advapi32

OpenThreadToken
AllocateAndInitializeSid
RegCreateKeyExA
RegQueryInfoKeyW
RegEnumKeyExW
RegQueryValueExW

msvcrt

_onexit
_wcsnicmp
sprintf
wcscpy
wcscat
wcscmp
__p__fmode
__CxxFrameHandler
_initterm
exit

version

GetFileVersionInfoSizeA
GetFileVersionInfoA

gdi32

CombineRgn
AngleArc
ExtTextOutA
AngleArc
GetDIBits
CreateFontIndirectA
RealizePalette
CreateBitmap
GetStockObject
IntersectClipRect
CreateRectRgn
GetObjectA

kernel32

CloseHandle
GetVersion
GetLastError
InterlockedCompareExchange
GetCommandLineA
GetTickCount
lstrlenW
VirtualAlloc
GetModuleFileNameA
ExitProcess
CreateThread
MultiByteToWideChar
VirtualFree
HeapDestroy
InterlockedExchange
GetModuleHandleA
GetProcAddress
GetCurrentProcess
CreateEventW
GetModuleFileNameA
GetCommandLineA
VirtualFree
VirtualAlloc
GetProcessHeap
GetVersion
lstrlenA
GetLastError
GetTickCount
CompareStringA
GetModuleHandleA
CreateProcessW
GetCurrentProcess
ExitProcess

ntdll

NtDeleteKey
RtlGUIDFromString
NtQueryPerformanceCounter
NtQueryKey
_wcsicmp
RtlSetDaclSecurityDescriptor
NtOpenThreadToken
RtlUnicodeStringToAnsiString
RtlDeleteResource
RtlAllocateHeap
RtlInitializeGenericTable
NtReadFile

user32

TrackPopupMenu
LoadCursorA
EnumChildWindows

Sections

.text
Size: 8KB - Virtual size: 9KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 9KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.edata
Size: 66KB - Virtual size: 384KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 64KB - Virtual size: 65KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 16KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

92e8d6af06be29f150e9135ef11890f1

Headers

DLL Characteristics

File Characteristics

Imports

advapi32

msvcrt

version

gdi32

kernel32

ntdll

user32

Sections

.text Size: 8KB - Virtual size: 9KB

.data Size: 9KB - Virtual size: 20KB

.edata Size: 66KB - Virtual size: 384KB

.rdata Size: 64KB - Virtual size: 65KB

.rsrc Size: 16KB - Virtual size: 16KB

.text
Size: 8KB - Virtual size: 9KB

.data
Size: 9KB - Virtual size: 20KB

.edata
Size: 66KB - Virtual size: 384KB

.rdata
Size: 64KB - Virtual size: 65KB

.rsrc
Size: 16KB - Virtual size: 16KB