Static task
static1
Behavioral task
behavioral1
Sample
961631315188600460458d44141364e5_JaffaCakes118.exe
Resource
win7-20240704-en
Behavioral task
behavioral2
Sample
961631315188600460458d44141364e5_JaffaCakes118.exe
Resource
win10v2004-20240802-en
General
Target
961631315188600460458d44141364e5_JaffaCakes118
Size
147KB
MD5
961631315188600460458d44141364e5
SHA1
abff1db6313d50b848fc22ca712ce84c5d44b3ea
SHA256
709401e49372ea0405b9d1ac37daea5ed499469c245012baa3d77e6b3864cfb3
SHA512
5198da35814fdecd7594900ac6b77d233610eacccccf42cc3b764f01f31b33b820d308a2dad57403dabbab44b2a4f1dee645074fb3d1e527c3cbe2e648e9fd33
SSDEEP
3072:WQQ9vLVq4Wty5uge/+OYHyIKtLxuHi19QRXtpb/:WQQ9vIP88w5KXuHiXQXpb/
Malware Config
Signatures
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource 961631315188600460458d44141364e5_JaffaCakes118
Files
961631315188600460458d44141364e5_JaffaCakes118.exe windows:4 windows x64 arch:x64
4e5af20f7310751895f9b31dff069993
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
Imports
setupapi
SetupDiGetDeviceRegistryPropertyA
SetupDiEnumDeviceInfo
SetupDiGetClassDevsA
SetupDiDestroyDeviceInfoList
ntdll
strncpy
memmove
memchr
memcpy
memcmp
RtlLookupFunctionEntry
RtlPcToFileHeader
RtlUnwindEx
NtTerminateProcess
RtlUnhandledExceptionFilter
RtlVirtualUnwind
memset
RtlCaptureContext
kernel32
GetACP
LocalFree
GetLastError
LocalAlloc
GetLocaleInfoA
GetOEMCP
GetVersionExA
HeapFree
HeapAlloc
GetProcessHeap
IsBadReadPtr
IsBadWritePtr
IsBadCodePtr
HeapReAlloc
ReadFile
SetStdHandle
VirtualProtect
VirtualAlloc
GetSystemInfo
VirtualQuery
LCMapStringA
LCMapStringW
LoadLibraryA
LeaveCriticalSection
GetStringTypeW
GetStringTypeA
CloseHandle
SetFilePointer
FlushFileBuffers
SetUnhandledExceptionFilter
DeleteCriticalSection
EnterCriticalSection
Sleep
InitializeCriticalSection
MultiByteToWideChar
GetCommandLineA
GetStartupInfoA
RaiseException
GetCPInfo
TlsAlloc
SetLastError
GetCurrentThreadId
TlsFree
TlsSetValue
TlsGetValue
GetProcAddress
GetModuleHandleA
ExitProcess
HeapSize
WriteFile
GetStdHandle
GetModuleFileNameA
UnhandledExceptionFilter
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStringsW
SetHandleCount
GetFileType
HeapSetInformation
HeapCreate
user32
LoadIconA
wsprintfA
advapi32
RegQueryValueExA
RegEnumValueA
RegEnumKeyExA
AllocateAndInitializeSid
InitializeSecurityDescriptor
SetSecurityDescriptorOwner
InitializeAcl
AddAccessAllowedAce
SetSecurityDescriptorDacl
FreeSid
RegSetValueExA
RegOpenKeyExA
RegQueryInfoKeyA
RegEnumKeyA
RegCloseKey
RegDeleteKeyA
RegCreateKeyExA
Sections
.text Size: 76KB - Virtual size: 75KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 27KB - Virtual size: 26KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 7KB - Virtual size: 16KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 7KB - Virtual size: 7KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.rsrc Size: 29KB - Virtual size: 30KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE