945e0e8d966828a42ebfc48653169866_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

945e0e8d966828a42ebfc48653169866_JaffaCakes118
Size

127KB
MD5

945e0e8d966828a42ebfc48653169866
SHA1

1c434e3c18ed795f95506d46ac106d2222dd73d9
SHA256

88ba29bdb342d66ae10d24b0d5ad892da60e8fcc24d760091d168e29bc2f32cc
SHA512

974123c9d9c0f27cc468bedd44f882d13b7688910910759b4161e2f1e29eca6cdc3fd529f2d74d31ddd14752678817b624beeae2be85cb521b3264c454b7a3e7
SSDEEP

3072:iYMiqKAd4DNNwQOgSYj/ScKr9E8FXZVNJKZLNVEBo:jZS4DzSYj/Sl9FzKZb

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
945e0e8d966828a42ebfc48653169866_JaffaCakes118

Files

945e0e8d966828a42ebfc48653169866_JaffaCakes118
.exe windows:4 windows x86 arch:x86

18f07dbc623a2d34d14e81b9d2c452c3

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

advapi32

LookupPrivilegeValueA
GetTokenInformation
DeleteService
CreateServiceA
ControlService
CloseServiceHandle
AdjustTokenPrivileges
SetServiceStatus
SetSecurityDescriptorDacl
SetEntriesInAclA
RegisterServiceCtrlHandlerA
RegSetValueExA
RegEnumKeyA
InitializeSecurityDescriptor
StartServiceCtrlDispatcherA
OpenProcessToken
FreeSid
AllocateAndInitializeSid
RegQueryValueExA
RegOpenKeyExA
RegCloseKey

setupapi

SetupGetFileCompressionInfoA
SetupGetInfFileListA
SetupScanFileQueueA
SetupInstallFilesFromInfSectionA
SetupOpenAppendInfFileA
SetupOpenFileQueue
SetupGetSourceFileLocationA
SetupGetSourceFileSizeA
SetupCloseFileQueue
SetupCloseInfFile
SetupCommitFileQueueA
SetupDecompressOrCopyFileA
SetupRemoveFileLogEntryA
SetupOpenLog
SetupCloseLog
SetupInitializeFileLogA
SetupQueryFileLogA
SetupLogErrorA

kernel32

LCMapStringW
LCMapStringA
GetTickCount
QueryPerformanceCounter
VirtualQuery
InterlockedExchange
HeapSize
InitializeCriticalSection
GetOEMCP
GetACP
RtlUnwind
GetSystemTimeAsFileTime
GetProcessHeap
SetSystemPowerState
GetCPInfo
GetLocalTime
GetCurrentProcessId
GetFileTime
GetTimeFormatA
DeviceIoControl
WaitForSingleObject
LoadLibraryA
CreateProcessA
SetFileAttributesA
WriteConsoleW
VirtualProtect
BeginUpdateResourceA
GetSystemInfo
GetWindowsDirectoryA
ExitProcess
GetProcAddress
GetModuleHandleA
TerminateProcess
GetCurrentProcess
HeapFree
HeapAlloc
GetStartupInfoA
GetCommandLineA
GetVersionExA
TlsAlloc
SetLastError
GetCurrentThreadId
GetLastError
TlsFree
TlsSetValue
TlsGetValue
DeleteCriticalSection
LeaveCriticalSection
EnterCriticalSection
HeapDestroy
HeapCreate
VirtualFree
VirtualAlloc
HeapReAlloc
WriteFile
GetStdHandle
GetModuleFileNameA
UnhandledExceptionFilter
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStringsW
SetHandleCount
GetFileType
GetStringTypeA
MultiByteToWideChar
GetStringTypeW
GetLocaleInfoA

Sections

.text
Size: 38KB - Virtual size: 37KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 50KB - Virtual size: 50KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 32KB - Virtual size: 421KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

18f07dbc623a2d34d14e81b9d2c452c3

Headers

File Characteristics

Imports

advapi32

setupapi

kernel32

Sections

.text Size: 38KB - Virtual size: 37KB

.rdata Size: 50KB - Virtual size: 50KB

.data Size: 32KB - Virtual size: 421KB

.reloc Size: 5KB - Virtual size: 4KB

.text
Size: 38KB - Virtual size: 37KB

.rdata
Size: 50KB - Virtual size: 50KB

.data
Size: 32KB - Virtual size: 421KB

.reloc
Size: 5KB - Virtual size: 4KB