8e55ebfcded843430f01f88752e33a30_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

8e55ebfcded843430f01f88752e33a30_JaffaCakes118
Size

564KB
MD5

8e55ebfcded843430f01f88752e33a30
SHA1

bb4c99eefce7db14a8a049c52b30d8f7434c2b09
SHA256

74010de4b7c3a6029500f54b9c1727ea208704662e3819a5d87fe32a8c0b2194
SHA512

94a2a3abc28b942f03a72ec218efdcd76e5f19ddd787a7d6987bc6591b7e06afebc5ddad1482f610d258673d0389bbc6619e0cad86022abbbcb73aef10347b56
SSDEEP

12288:OvBQjHmSKPOOC30arpeumIev3DmGIsJ6F/3Ewrlu:mKGSOU0arpevDI8WBu

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
8e55ebfcded843430f01f88752e33a30_JaffaCakes118

Files

8e55ebfcded843430f01f88752e33a30_JaffaCakes118
.exe windows:4 windows x86 arch:x86

ba6c193e57e04835e75f9d09eb8808e9

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

ws2_32

htonl
getprotobyname
ioctlsocket
WSAAccept

shell32

SHAddToRecentDocs
ExtractIconA

advapi32

RegReplaceKeyW
GetSecurityDescriptorGroup
EnumDependentServicesW
QueryServiceConfigA
GetLengthSid
ControlService
CloseEventLog
RegDeleteKeyW
CreateServiceA
AllocateAndInitializeSid
CopySid
StartServiceA
GetSidLengthRequired
RegEnumValueW
MapGenericMask
RevertToSelf
CryptGetUserKey
RegRestoreKeyW
AddAce
GetSidIdentifierAuthority
StartServiceCtrlDispatcherW

version

VerFindFileA

kernel32

FreeEnvironmentStringsA
ExpandEnvironmentStringsW
EnumResourceLanguagesW
SetThreadPriorityBoost
_lclose
ReadDirectoryChangesW
GetCommConfig
MoveFileExA
VirtualQuery
GenerateConsoleCtrlEvent
ExitProcess
GlobalFindAtomA
EnumResourceNamesW
DuplicateHandle
SetLastError
GetFileInformationByHandle

user32

PostQuitMessage
MapWindowPoints
GetMenuItemCount
RegisterClassExA
DestroyAcceleratorTable
GetMessageTime
SetDlgItemTextA
GetMessageA
RegisterDeviceNotificationW

oleaut32

SafeArrayUnaccessData
LoadTypeLi
SysAllocStringLen
VariantChangeType
SysStringLen
SetErrorInfo

msvcrt

_spawnlp
iswctype
ftell
_wgetenv
_mbsrchr
_itoa
fputws
_mbsicmp
mktime
asctime
exit
_snprintf
_fdopen

Sections

.text
Size: 10KB - Virtual size: 258KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 260KB - Virtual size: 260KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 16KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

ba6c193e57e04835e75f9d09eb8808e9

Headers

File Characteristics

Imports

ws2_32

shell32

advapi32

version

kernel32

user32

oleaut32

msvcrt

Sections

.text Size: 10KB - Virtual size: 258KB

.rdata Size: 2KB - Virtual size: 2KB

.data Size: 260KB - Virtual size: 260KB

.rsrc Size: 16KB - Virtual size: 16KB

.text
Size: 10KB - Virtual size: 258KB

.rdata
Size: 2KB - Virtual size: 2KB

.data
Size: 260KB - Virtual size: 260KB

.rsrc
Size: 16KB - Virtual size: 16KB