866be1d3b1c17262ab58af19ba8b9c1d_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

866be1d3b1c17262ab58af19ba8b9c1d_JaffaCakes118
Size

24KB
MD5

866be1d3b1c17262ab58af19ba8b9c1d
SHA1

fd6af8584e78e661d3eb4546a15d164cfe42566d
SHA256

901a163b11d98348d72619910cd62cffdd2785b17830e53d9b5312fd9bb3b415
SHA512

fe0f6aab9d6bdc1f6394c76d490d0351529a2efec6584d8928288793c004c25496c544c5a63ab5156ec08a9874392f6c81a12632e74767058a5e31fd48ec54c9
SSDEEP

192:fEa7VMI2/LQFrU9E1CD5PIEPb4cG60Tq8QcqqxI:fEIUTaQ9WC9L4cGr28QcXI

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
866be1d3b1c17262ab58af19ba8b9c1d_JaffaCakes118

Files

866be1d3b1c17262ab58af19ba8b9c1d_JaffaCakes118
.exe windows:4 windows x86 arch:x86

7f7b294dd24cb483dc0a1fbb36f5a649

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

mfc42

ord823
ord825
ord537
ord924
ord800

msvcrt

_strlwr
strncat
_stricmp
__CxxFrameHandler
sprintf
strstr

kernel32

lstrcpyA
SetPriorityClass
SetThreadPriority
GetEnvironmentVariableA
GetShortPathNameA
Sleep
GetCurrentProcessId
CreateJobObjectA
lstrcatA
DuplicateHandle
GetCurrentProcess
CreateFileA
OpenProcess
ExitProcess
GetModuleFileNameA
WinExec
CreateThread
GetWindowsDirectoryA
GetLastError
CreateMutexA
GetCurrentThreadId
DeleteFileA
Process32Next
Process32First
CreateToolhelp32Snapshot
ExitThread
SetFileAttributesA
CopyFileA
WriteFile
GetDriveTypeA
GetLogicalDriveStringsA
GetCurrentDirectoryA
SetProcessPriorityBoost
GetCurrentThread

user32

GetWindowThreadProcessId
FindWindowA
EnumWindows
FindWindowExA
GetWindowTextA
SendMessageA
PostThreadMessageA
GetMessageA

advapi32

RegSetValueExA
RegDeleteKeyA
RegOpenKeyA
CloseServiceHandle
QueryServiceStatus
OpenServiceA
OpenSCManagerA
RegCreateKeyA
ControlService

shell32

ShellExecuteA
ShellExecuteExA
SHChangeNotify

ntdll

ZwClose
CsrGetProcessId
RtlAdjustPrivilege
ZwFreeVirtualMemory
ZwQuerySystemInformation
ZwAllocateVirtualMemory
ZwQueryInformationProcess
ZwDuplicateObject
ZwOpenProcess
ZwTerminateJobObject
ZwAssignProcessToJobObject
ZwTerminateProcess
ZwSystemDebugControl

Sections

.text
Size: 8KB - Virtual size: 6KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 136B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

7f7b294dd24cb483dc0a1fbb36f5a649

Headers

File Characteristics

Imports

mfc42

msvcrt

kernel32

user32

advapi32

shell32

ntdll

Sections

.text Size: 8KB - Virtual size: 6KB

.rdata Size: 4KB - Virtual size: 2KB

.data Size: 4KB - Virtual size: 3KB

.rsrc Size: 4KB - Virtual size: 136B

.text
Size: 8KB - Virtual size: 6KB

.rdata
Size: 4KB - Virtual size: 2KB

.data
Size: 4KB - Virtual size: 3KB

.rsrc
Size: 4KB - Virtual size: 136B