85d4eded15975fca272b85dae35a5d61_JaffaCakes118

General

Target

85d4eded15975fca272b85dae35a5d61_JaffaCakes118
Size

212KB
MD5

85d4eded15975fca272b85dae35a5d61
SHA1

65a44303ab4160d670285f937ae94c3f76677979
SHA256

a52bbfa1f78c9382db38c1896d4e43c9979a97dd9bf08b9e10373eaa125c396f
SHA512

7867e32846443be9a63d8272aae689f1836d297eff182cde4ef670d2d2814587b9b128cef05bc68ef97ede08fb5be8a871d8d30a5a44c9e00fb2f49d1be6d247
SSDEEP

6144:JOs1/b7wr20ykM3zdy/sap5TRFZhCuBEYDOB:JOs1/va3ykodyh5TZtX

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
85d4eded15975fca272b85dae35a5d61_JaffaCakes118

Files

85d4eded15975fca272b85dae35a5d61_JaffaCakes118
.exe windows:4 windows x86 arch:x86

743f3f1d0030e4e29d825bdecfef8d8e

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

PDB Paths

C:\Cokit.pdb

Imports

kernel32

Module32First
CreateToolhelp32Snapshot
CloseHandle
WriteConsoleW
LoadLibraryA
GetCurrentProcess
SetEvent
SizeofResource
GetDateFormatA
GetModuleHandleA
GetVersionExA
OpenProcess
GetSystemTime
GetVolumeInformationA
CreateFileA
QueryPerformanceCounter
HeapFree
HeapAlloc
GetStartupInfoA
GetCommandLineA
HeapDestroy
HeapCreate
VirtualFree
VirtualAlloc
HeapReAlloc
IsBadWritePtr
ExitProcess
GetProcAddress
TerminateProcess
WriteFile
GetStdHandle
GetModuleFileNameA
UnhandledExceptionFilter
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
WideCharToMultiByte
GetLastError
GetEnvironmentStringsW
SetHandleCount
GetFileType
GetACP
GetOEMCP
GetCPInfo
RtlUnwind
InterlockedExchange
VirtualQuery
HeapSize
GetTickCount
GetCurrentThreadId
GetCurrentProcessId
GetSystemTimeAsFileTime
LCMapStringA
MultiByteToWideChar
LCMapStringW
GetStringTypeA
GetStringTypeW
GetLocaleInfoA
VirtualProtect
GetSystemInfo

advapi32

OpenSCManagerA
RegCloseKey
RegOpenKeyExA
RegQueryValueExA
AllocateAndInitializeSid
FreeSid
OpenProcessToken
StartServiceCtrlDispatcherA
InitializeSecurityDescriptor
RegEnumKeyA
RegSetValueExA
RegisterServiceCtrlHandlerA
SetEntriesInAclA
SetSecurityDescriptorDacl
SetServiceStatus
CreateServiceA
DeleteService
QueryServiceStatus
OpenThreadToken
OpenServiceA
LookupPrivilegeValueW
GetTokenInformation

Sections

.text
Size: 84KB - Virtual size: 82KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 64KB - Virtual size: 534KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 60KB - Virtual size: 59KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

743f3f1d0030e4e29d825bdecfef8d8e

Headers

File Characteristics

PDB Paths

Imports

kernel32

advapi32

Sections

.text Size: 84KB - Virtual size: 82KB

.data Size: 64KB - Virtual size: 534KB

.rsrc Size: 60KB - Virtual size: 59KB

.text
Size: 84KB - Virtual size: 82KB

.data
Size: 64KB - Virtual size: 534KB

.rsrc
Size: 60KB - Virtual size: 59KB