96340be91b3a3f4d726d1e678ab593f5_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

96340be91b3a3f4d726d1e678ab593f5_JaffaCakes118
Size

495KB
MD5

96340be91b3a3f4d726d1e678ab593f5
SHA1

df983ed5a5ead119be5b1bb91dc58b0f688a09c0
SHA256

6ee82d23bf441f7ddcfe6fa31c3012326fdaff750fb8535b746eb9d6a2d19e9f
SHA512

2728faf7ea3469453a5e9b9ade419c53892782e38c80223b548c9f801de1370c2f546263e2b83b5a04ef0fe3e87f6536dce28d2e59e5db704a8c87cc6a07f600
SSDEEP

6144:PU5zwAUaoO02RvA9F17b6K4zzXQdcsc8s6WOYAOTjwLBzkizN8+zU:P6hJoO025A9FVuDQqscKW3Azz

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
96340be91b3a3f4d726d1e678ab593f5_JaffaCakes118

Files

96340be91b3a3f4d726d1e678ab593f5_JaffaCakes118
.exe regsvr32 windows:4 windows x86 arch:x86

1c3b4531a3d565d5d98a57069f5837df

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

user32

CharLowerA
UnhookWinEvent
SetWinEventHook
wsprintfA

advapi32

RegQueryValueExA
DeleteService
OpenServiceA
StartServiceA
OpenSCManagerA
RegCloseKey
RegSetValueExA
RegCreateKeyA
RegOpenKeyExA
CloseServiceHandle
CreateServiceA

kernel32

TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
GetFileSizeEx
GetLastError
CloseHandle
OpenEventA
DeleteFileA
HeapFree
DeviceIoControl
HeapAlloc
GetProcessHeap
CreateFileA
lstrlenA
Sleep
CreateEventA
WriteFile
MultiByteToWideChar
GetLongPathNameA
GetEnvironmentVariableA
GetProcAddress
GetModuleHandleA
lstrlenW
VirtualFree
VirtualProtect
VirtualAlloc
ReadFile
ExpandEnvironmentStringsA
MoveFileExA
GetFileAttributesA
LoadLibraryA
lstrcmpA
CompareStringA
Process32Next
Process32First
CreateToolhelp32Snapshot
MoveFileA
SetUnhandledExceptionFilter
WaitForSingleObject
LoadLibraryExA
SetFilePointerEx
GetModuleFileNameA
ExitThread
DisableThreadLibraryCalls
InterlockedExchange
SetEvent
FindClose
FindNextFileA
FindFirstFileA
ReleaseMutex
InterlockedDecrement
GetCurrentThreadId
InterlockedIncrement
InterlockedExchangeAdd
LeaveCriticalSection
EnterCriticalSection
CreateMutexA
Beep
InitializeCriticalSection
InterlockedCompareExchange
DeleteCriticalSection
GetTickCount
WaitForMultipleObjects
GetExitCodeProcess
GetTempFileNameA
GetTempPathA
CreateThread
OpenThread
Thread32Next
Thread32First
Module32Next
Module32First

ntdll

memset
NtClose
_vsnprintf
memcpy
RtlInitUnicodeString
memmove

msvcrt

malloc
free

Exports

Exports

DllRegisterServer
DllUnregisterServer
InitializePrintProvidor
ServiceMain
wep

Sections

.text
Size: 27KB - Virtual size: 26KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 464KB - Virtual size: 469KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

1c3b4531a3d565d5d98a57069f5837df

Headers

File Characteristics

Imports

user32

advapi32

kernel32

ntdll

msvcrt

Exports

Exports

Sections

.text Size: 27KB - Virtual size: 26KB

.data Size: 464KB - Virtual size: 469KB

.reloc Size: 3KB - Virtual size: 2KB

.text
Size: 27KB - Virtual size: 26KB

.data
Size: 464KB - Virtual size: 469KB

.reloc
Size: 3KB - Virtual size: 2KB