956a399f3a8c73e8f787b7e71c2c849e_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

956a399f3a8c73e8f787b7e71c2c849e_JaffaCakes118
Size

317KB
MD5

956a399f3a8c73e8f787b7e71c2c849e
SHA1

680213ab9dd0021c006a430c76429d437e8de10d
SHA256

f5724cf1662af30916ce21857de88509803d2ef7bf0208cc3b0c494485cf955d
SHA512

fddab4a89041be2ce884da236823e849ffa762425eccd7b159ecfd822272394a7df3e8b68775a68af2694e3d5e8c8a96ff0d5448a9dc6a85844d0fe76ca7484b
SSDEEP

6144:Wf2+A4EFq0jdKkX/FJoGHOKRBSgagPUqkhEbKOzuxovO32AuUjE+5MwKX:Wfb6qAdKYFRuyBsgPUqKEed642XU

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
956a399f3a8c73e8f787b7e71c2c849e_JaffaCakes118

Files

956a399f3a8c73e8f787b7e71c2c849e_JaffaCakes118
.exe .ps1 windows:5 windows x86 arch:x86 polyglot

f3f8188205ec5d7a98c36b851f17e731

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

advapi32

QueryServiceStatus
RegSetValueExA
OpenServiceA
RegOpenKeyA
ChangeServiceConfigA
RegOpenKeyW
RegCloseKey
RegQueryValueExA
RegEnumKeyA
StartServiceA
OpenSCManagerA
RegOpenKeyExA
CloseServiceHandle
RegQueryValueExW

setupapi

SetupDiEnumDeviceInfo
SetupGetSourceInfoA
SetupDiCallClassInstaller
SetupOpenMasterInf
SetupGetSourceFileLocationA
SetupDiCreateDeviceInfoList
SetupDiDestroyDeviceInfoList
SetupPromptForDiskA
SetupDiGetClassDevsW
SetupDiGetDeviceInstanceIdW
SetupDiOpenDevRegKey
SetupCloseInfFile
SetupDiSetClassInstallParamsA

user32

wsprintfA

ole32

CoInitializeEx
CoUninitialize
CoCreateInstance

tapi32

lineInitializeExW
lineClose
lineShutdown
lineGetID
lineOpen
lineNegotiateAPIVersion
lineGetDevCapsW

kernel32

GetCPInfo
lstrcmpiA
GetLastError
GlobalAlloc
lstrcmpiW
GetTempFileNameW
WideCharToMultiByte
WriteFile
FormatMessageA
HeapFree
HeapReAlloc
lstrlenA
VirtualProtect
GetProcessHeap
MultiByteToWideChar
GetTempPathW
CloseHandle
GetShortPathNameW
GetVersionExA
VirtualQuery
GetModuleHandleA
CreateDirectoryW
LCMapStringA
LCMapStringW
GetStringTypeW
lstrcmpA
GetStringTypeA
VirtualFree
ExitProcess
lstrcpyA
DeleteFileW
LoadLibraryW
GetTickCount
GetLocaleInfoA
LoadLibraryA
GetProcAddress
GlobalFree
HeapAlloc
Sleep
FreeLibrary
GetSystemInfo
CreateFileA

ntdll

LdrGetDllHandle
NtAllocateVirtualMemory
RtlUshortByteSwap

Sections

.text
Size: 15KB - Virtual size: 15KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 287KB - Virtual size: 286KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rdata
Size: 9KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 3KB - Virtual size: 1.4MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

f3f8188205ec5d7a98c36b851f17e731

Headers

DLL Characteristics

File Characteristics

Imports

advapi32

setupapi

user32

ole32

tapi32

kernel32

ntdll

Sections

.text Size: 15KB - Virtual size: 15KB

.rsrc Size: 287KB - Virtual size: 286KB

.rdata Size: 9KB - Virtual size: 9KB

.data Size: 3KB - Virtual size: 1.4MB

.tls Size: 512B - Virtual size: 4KB

.text
Size: 15KB - Virtual size: 15KB

.rsrc
Size: 287KB - Virtual size: 286KB

.rdata
Size: 9KB - Virtual size: 9KB

.data
Size: 3KB - Virtual size: 1.4MB

.tls
Size: 512B - Virtual size: 4KB