a13e63c8f446446bfb7cd2d870d3579b_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

a13e63c8f446446bfb7cd2d870d3579b_JaffaCakes118
Size

26KB
MD5

a13e63c8f446446bfb7cd2d870d3579b
SHA1

d4b1cc71c95db1255b08771bf9a2d16801921c5b
SHA256

172e76e8172667181b9cba0ed753f52066c586ad6fda06d9418aec1b03e7ed37
SHA512

45f71356c407720afb8ba514e339343c62e5df09a19e06b31822bcc413987101c31e3b17255e3e882baf60f0dbe8244219e1a40730728976398b0dbb458102a3
SSDEEP

768:H2y2EKafYU7WDOKINq6h5uZ87HYp6myeM:HrKafYU7WqKSpjK6jP

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
a13e63c8f446446bfb7cd2d870d3579b_JaffaCakes118

Files

a13e63c8f446446bfb7cd2d870d3579b_JaffaCakes118
.exe windows:5 windows x86 arch:x86

22387d0c646ff9e6624615638ece3e7d

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

gdi32

GetStockObject
DeleteObject
GetDeviceCaps
GetObjectW
CreateFontIndirectW

advapi32

RegQueryInfoKeyW
RegFlushKey
RegDeleteKeyW
FreeSid
AllocateAndInitializeSid
RegSetValueExW
RegEnumValueW
RegCloseKey
RegCreateKeyExW
RegQueryValueExA
RegQueryValueExW
RegLoadKeyW
OpenProcessToken
RegSaveKeyW
LookupPrivilegeValueW
RegOpenKeyExA
RegSetValueW
RegDeleteValueW
EqualSid
GetTokenInformation
RegEnumKeyW
AdjustTokenPrivileges
RegUnLoadKeyW
RegOpenKeyExW

shlwapi

PathAddBackslashW
PathRemoveFileSpecW
PathAppendW
PathCombineW
StrChrW
PathBuildRootW
PathFileExistsW
StrRChrW
StrStrIW

kernel32

GetStartupInfoA

rpcrt4

RpcStringFreeW

setupapi

SetupInstallFromInfSectionW
SetupDefaultQueueCallbackW
SetupCloseInfFile
SetupQueueCopyW
SetupCloseFileQueue
SetupFindNextLine
SetupCommitFileQueueW
SetupOpenAppendInfFileW
SetupGetLineTextW
SetupTermDefaultQueueCallback
SetupGetStringFieldW
SetupOpenInfFileW
SetupSetDirectoryIdW
SetupInitDefaultQueueCallbackEx
SetupOpenFileQueue
SetupFindFirstLineW

msvcrt

_wcsicmp
free
malloc
_XcptFilter
_wtoi
longjmp
memcpy
_wtol
_wcsnicmp
_adjust_fdiv
memmove
_setjmp3
_vsnwprintf
_vsnprintf
_amsg_exit
bsearch
_initterm
_ultow
memset

ntdll

NtAllocateVirtualMemory
RtlAdjustPrivilege

oleaut32

VariantClear

version

GetFileVersionInfoW
VerQueryValueW
GetFileVersionInfoSizeW

ole32

OleInitialize
OleUninitialize
CoTaskMemFree

Sections

.text
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 15KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 40KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 5KB - Virtual size: 88KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

22387d0c646ff9e6624615638ece3e7d

Headers

DLL Characteristics

File Characteristics

Imports

gdi32

advapi32

shlwapi

kernel32

rpcrt4

setupapi

msvcrt

ntdll

oleaut32

version

ole32

Sections

.text Size: 4KB - Virtual size: 4KB

.rsrc Size: 15KB - Virtual size: 14KB

.data Size: 512B - Virtual size: 40KB

.rdata Size: 5KB - Virtual size: 88KB

.text
Size: 4KB - Virtual size: 4KB

.rsrc
Size: 15KB - Virtual size: 14KB

.data
Size: 512B - Virtual size: 40KB

.rdata
Size: 5KB - Virtual size: 88KB