Static task: static1
Behavioral task: behavioral1
Sample: 883279176c504ae7ea25ae1e0c7bd009_JaffaCakes118.exe
Resource: win7-20240708-en
Behavioral task: behavioral2
Sample: 883279176c504ae7ea25ae1e0c7bd009_JaffaCakes118.exe
Resource: win10v2004-20240802-en
General
Target: 883279176c504ae7ea25ae1e0c7bd009_JaffaCakes118
Size: 2.7MB
MD5: 883279176c504ae7ea25ae1e0c7bd009
SHA1: 7fedeeb500922be05f86b90549d77ba89e93ed8d
SHA256: 8f4829c8510941a3f1f97126143936f4983ae65bc076e7be33c6905013496eb8
SHA512: c21d8b3dc75271c82241995b20ca069549819b19ac5602289b7614d1054d6ae9c17aec0e8c811b41c5c045b98557529f0e97e018a4911ed9c1c30f7fde4c6394
SSDEEP: 49152:Xnj+w/pszcPJ5alUqAJb6BY7exsr6cluMjWfDyEgGRGahWTPuafQAG:Xnjd/qzNUv6BY7E9cMbIGQiWTPuaf
Malware Config
Signatures
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource 883279176c504ae7ea25ae1e0c7bd009_JaffaCakes118
Files
883279176c504ae7ea25ae1e0c7bd009_JaffaCakes118.exe windows:4 windows x86 arch:x86
2c839b586ba05a353627d4afb1006a3e
Headers
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
Imports
advapi32
ChangeServiceConfig2A
DeleteService
GetSecurityDescriptorControl
GetTokenInformation
GetUserNameA
InitializeSecurityDescriptor
RegCreateKeyExA
RegDeleteValueA
RegOpenKeyExA
RegQueryInfoKeyA
RegQueryValueExA
SetSecurityDescriptorDacl
UnlockServiceDatabase
kernel32
AddAtomA
CloseHandle
CompareStringA
CreateDirectoryA
CreateEventA
CreateFileA
CreateFileMappingA
CreateMutexA
CreateProcessA
CreateThread
DeleteCriticalSection
DeviceIoControl
DisableThreadLibraryCalls
DuplicateHandle
EnterCriticalSection
EnumSystemLocalesA
ExitProcess
ExitThread
FileTimeToLocalFileTime
FreeEnvironmentStringsA
GetCPInfo
GetComputerNameA
GetCurrentDirectoryA
GetCurrentProcess
GetCurrentThreadId
GetDriveTypeA
GetEnvironmentStringsA
GetLastError
GetLocalTime
GetModuleHandleA
GetPrivateProfileStringA
GetProcAddress
GetProcessHeap
GetShortPathNameA
GetStdHandle
GetSystemDirectoryA
GetTempFileNameA
GetTickCount
GetTimeZoneInformation
GetUserDefaultLCID
GetVersionExA
GetWindowsDirectoryA
GlobalAlloc
HeapAlloc
HeapDestroy
HeapSize
InitializeCriticalSection
InterlockedDecrement
InterlockedExchange
IsValidLocale
LCMapStringA
LoadLibraryExA
LoadResource
LocalAlloc
LocalFree
LockResource
MapViewOfFile
Module32First
MoveFileA
OpenProcess
QueryPerformanceCounter
RaiseException
RemoveDirectoryA
SetCurrentDirectoryA
SetEnvironmentVariableA
SetErrorMode
SetHandleCount
SetLastError
Sleep
TerminateProcess
TlsSetValue
UnmapViewOfFile
VirtualAlloc
VirtualQuery
WaitForSingleObject
lstrcmpA
lstrcmpiA
lstrcpynA
lstrlenA
ole32
CoMarshalInterThreadInterfaceInStream
CoTaskMemAlloc
CoTaskMemFree
OleLoadFromStream
user32
CharPrevA
CheckRadioButton
ClientToScreen
DefWindowProcA
DestroyMenu
DrawIcon
DrawTextA
FillRect
GetDlgItemTextA
GetKeyState
GetProcessWindowStation
InflateRect
IntersectRect
IsChild
IsWindowEnabled
KillTimer
LoadIconA
LoadStringA
MessageBeep
MessageBoxA
MsgWaitForMultipleObjects
PostMessageA
SetDlgItemTextA
UnregisterClassA
wsprintfA
version
GetFileVersionInfoA
GetFileVersionInfoSizeA
VerQueryValueA
Sections
CODE Size: 926KB - Virtual size: 928KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
BSS Size: - Virtual size: 6.0MB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
CRT Size: 1.8MB - Virtual size: 1.8MB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.idata Size: 3KB - Virtual size: 4KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.rsrc Size: 3KB - Virtual size: 4KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ