9507b2f5fc12acaf1e975feaae6882af_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

9507b2f5fc12acaf1e975feaae6882af_JaffaCakes118
Size

317KB
MD5

9507b2f5fc12acaf1e975feaae6882af
SHA1

b906847a54abfad2456b9ecf713c9ae1c5f27689
SHA256

5aea75743189b78013ad287c98bcac9ff78c2070fa85c965da874f7a6b4c1e47
SHA512

fc44f790045b6f32dab39b83e4166895df1f263eb1769f38c40e246bc33710d9ed0c5509066ec4b0af2f62d2571d74f2ff964b1a9ee98e156a774dfe679bdf60
SSDEEP

6144:z0SjZxFz4l2GldtW8CZB2VN7lgtKyGtRuK7FCtmg0+mrBdUNqoTSY9BCm3aEv:794sqdtW8C6X1yGtRNvgyH84rE

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
9507b2f5fc12acaf1e975feaae6882af_JaffaCakes118

Files

9507b2f5fc12acaf1e975feaae6882af_JaffaCakes118
.exe windows:5 windows x86 arch:x86

4454dbc033ed01f29cc099a4014dc614

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

tapi32

lineGetDevCapsW
lineClose
lineShutdown
lineInitializeExW
lineGetID
lineOpen
lineNegotiateAPIVersion

user32

wsprintfA

ole32

CoCreateInstance
CoInitializeEx
CoUninitialize

ntdll

NtAllocateVirtualMemory
RtlUshortByteSwap
LdrGetDllHandle

advapi32

RegOpenKeyW
OpenSCManagerA
RegOpenKeyExA
OpenServiceA
StartServiceA
CloseServiceHandle
RegOpenKeyA
RegQueryValueExW
RegSetValueExA
RegQueryValueExA
QueryServiceStatus
ChangeServiceConfigA
RegEnumKeyA
RegCloseKey

setupapi

SetupDiCreateDeviceInfoList
SetupDiEnumDeviceInfo
SetupGetSourceFileLocationA
SetupOpenMasterInf
SetupDiCallClassInstaller
SetupDiGetClassDevsW
SetupGetSourceInfoA
SetupCloseInfFile
SetupDiSetClassInstallParamsA
SetupDiOpenDevRegKey
SetupDiDestroyDeviceInfoList
SetupDiGetDeviceInstanceIdW
SetupPromptForDiskA

kernel32

GetShortPathNameW
WideCharToMultiByte
VirtualQuery
GetModuleHandleA
HeapAlloc
GlobalFree
GetLastError
VirtualFree
GetProcAddress
MultiByteToWideChar
GetStringTypeA
Sleep
VirtualProtect
WriteFile
FreeLibrary
LoadLibraryA
GetProcessHeap
HeapFree
GetCPInfo
LoadLibraryW
ExitProcess
lstrcmpiW
FormatMessageA
GetTickCount
GetSystemInfo
GetTempPathW
LCMapStringA
CreateDirectoryW
CloseHandle
lstrcmpA
lstrcmpiA
lstrcpyA
VirtualAlloc
DeleteFileW
GetVersionExA
GetTempFileNameW
GlobalAlloc
GetStringTypeW
LCMapStringW
lstrlenW
lstrlenA
CreateFileA

Sections

.text
Size: 15KB - Virtual size: 15KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 287KB - Virtual size: 286KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rdata
Size: 9KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 3KB - Virtual size: 1.4MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

4454dbc033ed01f29cc099a4014dc614

Headers

DLL Characteristics

File Characteristics

Imports

tapi32

user32

ole32

ntdll

advapi32

setupapi

kernel32

Sections

.text Size: 15KB - Virtual size: 15KB

.rsrc Size: 287KB - Virtual size: 286KB

.rdata Size: 9KB - Virtual size: 9KB

.data Size: 3KB - Virtual size: 1.4MB

.tls Size: 512B - Virtual size: 4KB

.text
Size: 15KB - Virtual size: 15KB

.rsrc
Size: 287KB - Virtual size: 286KB

.rdata
Size: 9KB - Virtual size: 9KB

.data
Size: 3KB - Virtual size: 1.4MB

.tls
Size: 512B - Virtual size: 4KB