85afa79cb257363382de90f1f96070f9_JaffaCakes118

General

Target

85afa79cb257363382de90f1f96070f9_JaffaCakes118
Size

54KB
MD5

85afa79cb257363382de90f1f96070f9
SHA1

9cf45864eb0771a0083283354dc9b15a4473974e
SHA256

17602f4f63651e1c8f7ff5853f6cba20be5ca8c3a594ec81339fa8403a7ae44b
SHA512

1c76de276c7630e1d0239fb2936dc2389bc77772d9c50b79feec94688c7e0c6e3cdeed0a4debf8687734a6e4cc6752adce6dd6d3fba9ad512a35fec613b30f2e
SSDEEP

768:AZGMTfRwdRRp4tlcDUCtI61n99HV1/PDA6INP2xnxie7xW29IVctDBxk4:AZGif+3539HV1/UDP+isxWG

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
85afa79cb257363382de90f1f96070f9_JaffaCakes118

Files

85afa79cb257363382de90f1f96070f9_JaffaCakes118
.exe windows:4 windows x86 arch:x86

b66a8b379107a506d51c701a4874d20f

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

SizeofResource
FreeResource
GetTimeFormatA
InterlockedExchange
SetLastError
FreeLibrary
LoadLibraryW
ExitProcess
GetCurrentProcessId
GetFileTime
GetModuleFileNameW
GetDiskFreeSpaceW
FindNextChangeNotification
FindCloseChangeNotification
FindFirstChangeNotificationW
GetVolumeInformationA
QueryPerformanceCounter
LockResource
GetLocalTime
CreateFileA
GetModuleHandleW
InitializeCriticalSection
DeleteCriticalSection
EnterCriticalSection
RemoveDirectoryA
MoveFileA
FindNextFileA
FindFirstFileA
TlsGetValue
TlsSetValue
TlsAlloc
GetCurrentThreadId
GetCommandLineA
GetModuleHandleA
LoadResource
FindResourceA
GetDateFormatA
MoveFileExW
CreateFileW
GetVolumeInformationW
GetSystemTime
GetWindowsDirectoryW
GetStartupInfoA

advapi32

RegOpenKeyExA
OpenSCManagerA
RegQueryValueExA
OpenServiceA
OpenThreadToken
QueryServiceStatus
RegCloseKey

ole32

CoUninitialize
CoInitialize
CoCreateInstance
CoRevokeClassObject
CoSuspendClassObjects
OleCreate
StgCreateDocfile
OleSetContainedObject

msvcrt

_controlfp
_except_handler3
__set_app_type
__p__fmode
__p__commode
calloc
memset
exit
free
malloc
strcat
_exit
_XcptFilter
_acmdln
__getmainargs
_initterm
__setusermatherr
_adjust_fdiv

Sections

.text
Size: 30KB - Virtual size: 29KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 20KB - Virtual size: 19KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 293KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 880B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

b66a8b379107a506d51c701a4874d20f

Headers

File Characteristics

Imports

kernel32

advapi32

ole32

msvcrt

Sections

.text Size: 30KB - Virtual size: 29KB

.rdata Size: 20KB - Virtual size: 19KB

.data Size: 2KB - Virtual size: 293KB

.rsrc Size: 1024B - Virtual size: 880B

.text
Size: 30KB - Virtual size: 29KB

.rdata
Size: 20KB - Virtual size: 19KB

.data
Size: 2KB - Virtual size: 293KB

.rsrc
Size: 1024B - Virtual size: 880B