8c42abac17289db7fffc81a3e1571518_JaffaCakes118

General

Target

8c42abac17289db7fffc81a3e1571518_JaffaCakes118
Size

127KB
MD5

8c42abac17289db7fffc81a3e1571518
SHA1

263d51b443f02c7953f04163324ccef68c2876d5
SHA256

c4e7f4fe80b0a6d66b447d465b300299c6586db08e857d200d5e0cda5f2f7044
SHA512

050baf768a113e094b34863500c969114ad37b9836e28ccb6d1e1a2df06ad2edc42e2e8c9672ca53f992441308514a03c03fe1a6622f029aa18d97609fc031be
SSDEEP

3072:KcESYPi9mF40HlbhyOwuHfi+56DSxRwMT+gg5ggCT6odKP0VLI/:UZPi9sVlbqU6+1PMCT67MVLY

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
8c42abac17289db7fffc81a3e1571518_JaffaCakes118

Files

8c42abac17289db7fffc81a3e1571518_JaffaCakes118
.exe windows:4 windows x86 arch:x86

c690994a8f1979ee080b86a787c1175f

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

msvcrt

_controlfp
??1type_info@@UAE@XZ
__set_app_type
__p__fmode
__p__commode
_adjust_fdiv
__setusermatherr
_initterm
__getmainargs
_acmdln
exit
_XcptFilter
_exit
strstr
__CxxFrameHandler
time
srand
rand
??3@YAXPAX@Z
??2@YAPAXI@Z
_except_handler3
malloc
realloc

kernel32

GetStartupInfoA
GetModuleHandleA
GetCommandLineA
FreeLibrary
GetProcAddress
LoadLibraryA
HeapAlloc
GetProcessHeap
Process32Next
ExitProcess
CloseHandle
GetCurrentProcess
lstrlenA
WriteFile
GlobalFree
GlobalAlloc
SetFileTime
LocalFileTimeToFileTime
SetUnhandledExceptionFilter
GetLastError
Sleep
lstrcatA
DeleteFileA
lstrcpyA

advapi32

OpenServiceA
OpenSCManagerA
RegOpenKeyExA
OpenProcessToken
LookupPrivilegeValueA
AdjustTokenPrivileges
RegDeleteValueA
RegDeleteKeyA
RegCreateKeyExA
RegSetValueExA
AllocateAndInitializeSid
GetLengthSid
InitializeAcl
AddAccessAllowedAce
InitializeSecurityDescriptor
SetSecurityDescriptorDacl
RegSetKeySecurity
RegCloseKey
FreeSid

user32

IsCharAlphaNumericA

shell32

SHGetSpecialFolderPathA

dbghelp

MakeSureDirectoryPathExists

Sections

.text
Size: 10KB - Virtual size: 10KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 108KB - Virtual size: 108KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

c690994a8f1979ee080b86a787c1175f

Headers

File Characteristics

Imports

msvcrt

kernel32

advapi32

user32

shell32

dbghelp

Sections

.text Size: 10KB - Virtual size: 10KB

.rdata Size: 3KB - Virtual size: 3KB

.data Size: 3KB - Virtual size: 5KB

.rsrc Size: 108KB - Virtual size: 108KB

.text
Size: 10KB - Virtual size: 10KB

.rdata
Size: 3KB - Virtual size: 3KB

.data
Size: 3KB - Virtual size: 5KB

.rsrc
Size: 108KB - Virtual size: 108KB