a21cc9c927dbfa5241b1cb9b725fa138_JaffaCakes118

General

Target

a21cc9c927dbfa5241b1cb9b725fa138_JaffaCakes118
Size

11.2MB
MD5

a21cc9c927dbfa5241b1cb9b725fa138
SHA1

ab3c35166d00f231d112d69b23c74503941c911b
SHA256

412cea672498d239647378b7741c6346a9a201440cc58b84ea2ccfab61a90369
SHA512

f9792fde4596dec951096c7f7c1f6092d945d6e8576fb1480b15e84b244b90624db844f76c43895dedc12ead8cf180c1321c03ef39453fdea19498661c9d7fe2
SSDEEP

3072:3A++6/M9TWTaeMc8+jJHVIi4G8P1UetnxOj0gv2FZKB:3A++6/MZ2Hii4G8NUATK8E

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
a21cc9c927dbfa5241b1cb9b725fa138_JaffaCakes118

Files

a21cc9c927dbfa5241b1cb9b725fa138_JaffaCakes118
.exe windows:4 windows x86 arch:x86

80606ba31ccdc6fd803fe63c7bf88725

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetModuleHandleA
GetCommandLineA
SetUnhandledExceptionFilter
WritePrivateProfileStringA
GetCurrentThreadId
SetFilePointer
Sleep
DeleteFileA
SetLastError
lstrcpyA
GlobalAlloc
LocalFileTimeToFileTime
SetFileTime
lstrlenA
GetCurrentProcess
GetStartupInfoA
Process32Next
ExitProcess
CreateFileA
WriteFile
CloseHandle
GetLastError
LoadLibraryA
GetProcAddress
FreeLibrary

msvcrt

_controlfp
__set_app_type
__p__fmode
__p__commode
_adjust_fdiv
__setusermatherr
_initterm
__getmainargs
_acmdln
_XcptFilter
_exit
??1type_info@@UAE@XZ
strstr
??3@YAXPAX@Z
__CxxFrameHandler
time
srand
rand
??2@YAPAXI@Z
memcpy
strcat
memset
strchr
strcpy
strlen
malloc
realloc
_except_handler3
_strcmpi
_strnset
exit
_strrev

advapi32

ControlService
RegCloseKey
RegQueryValueExA
RegSetValueExA
RegCreateKeyExA
RegDeleteKeyA
RegDeleteValueA
AdjustTokenPrivileges
LookupPrivilegeValueA
OpenProcessToken
RegRestoreKeyA
RegSaveKeyA
CloseServiceHandle
StartServiceA
OpenServiceA
OpenSCManagerA

user32

keybd_event
FindWindowA
GetForegroundWindow
GetWindowThreadProcessId
wsprintfA
AttachThreadInput
GetFocus
PostMessageA
IsCharAlphaNumericA

shell32

SHGetSpecialFolderPathA
ShellExecuteA

dbghelp

MakeSureDirectoryPathExists

Sections

.text
Size: 12KB - Virtual size: 11KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 37KB - Virtual size: 37KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 123KB - Virtual size: 123KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

80606ba31ccdc6fd803fe63c7bf88725

Headers

File Characteristics

Imports

kernel32

msvcrt

advapi32

user32

shell32

dbghelp

Sections

.text Size: 12KB - Virtual size: 11KB

.rdata Size: 3KB - Virtual size: 2KB

.data Size: 37KB - Virtual size: 37KB

.rsrc Size: 123KB - Virtual size: 123KB

.text
Size: 12KB - Virtual size: 11KB

.rdata
Size: 3KB - Virtual size: 2KB

.data
Size: 37KB - Virtual size: 37KB

.rsrc
Size: 123KB - Virtual size: 123KB