a2d06b9dcda4d3517473a047168c2644_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

a2d06b9dcda4d3517473a047168c2644_JaffaCakes118
Size

170KB
MD5

a2d06b9dcda4d3517473a047168c2644
SHA1

ba853b279bcfcd9ec29d465cdcb5cef1d228b295
SHA256

e52e9675b7051293d4beadf86f8d6fa0143441d8d85ce3a3873622cc14cdab13
SHA512

2103df5a40d5d828c4b02ed2d80cb410a15d287dbea77f016168f6b043cf741b006a5858ba5406a3887653eed59cbbb8124d7dbfb4bcf7b688d5b7b49190c2d9
SSDEEP

3072:OQo278l19sWrxrXoJyN1RT/jSMTqdW4ud0EwudoBl4I9Uwrk6:BVY9R1bzNrSGqdxud0VudoBlNUo

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
a2d06b9dcda4d3517473a047168c2644_JaffaCakes118

Files

a2d06b9dcda4d3517473a047168c2644_JaffaCakes118
.exe windows:5 windows x86 arch:x86

b9cf59d1708bfad775fdc3c85d35f183

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

setupapi

SetupCloseInfFile
SetupOpenInfFileW
SetupGetStringFieldW
SetupFindNextLine
SetupGetBinaryField
SetupGetLineTextW
SetupGetIntField
SetupFindFirstLineW

ole32

CoInitializeEx
StringFromGUID2
CoTaskMemFree
CoCreateInstance
CoTaskMemAlloc
CoGetContextToken
CoTaskMemRealloc
CreateBindCtx
CoUninitialize

avifil32

AVIClearClipboard

kernel32

Beep
VirtualAlloc

advapi32

CloseServiceHandle
RegOpenKeyExA
RegQueryInfoKeyW
SetFileSecurityW
LookupPrivilegeValueW
InitializeSecurityDescriptor
OpenSCManagerW
AdjustTokenPrivileges
CreateProcessAsUserW
RevertToSelf
RegQueryValueExW
RegEnumValueW
ConvertStringSidToSidW
RegSetValueExW
RegQueryValueExA
RegEnumKeyExW
RegDeleteValueW
GetTokenInformation
RegSaveKeyW
RegCreateKeyExW
LookupPrivilegeNameW
DuplicateTokenEx
RegEnumKeyW
GetLengthSid
RegOpenKeyExW
EnumServicesStatusExW
AllocateAndInitializeSid
FreeSid
RegCloseKey
CopySid
ImpersonateLoggedOnUser
SetSecurityDescriptorOwner
OpenProcessToken

Sections

.text
Size: 512B - Virtual size: 396B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 52KB - Virtual size: 848KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 28B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.rsrc
Size: 91KB - Virtual size: 91KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rdata
Size: 22KB - Virtual size: 21KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.idata
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

b9cf59d1708bfad775fdc3c85d35f183

Headers

DLL Characteristics

File Characteristics

Imports

setupapi

ole32

avifil32

kernel32

advapi32

Sections

.text Size: 512B - Virtual size: 396B

.data Size: 52KB - Virtual size: 848KB

.reloc Size: 512B - Virtual size: 28B

.rsrc Size: 91KB - Virtual size: 91KB

.rdata Size: 22KB - Virtual size: 21KB

.idata Size: 2KB - Virtual size: 1KB

.text
Size: 512B - Virtual size: 396B

.data
Size: 52KB - Virtual size: 848KB

.reloc
Size: 512B - Virtual size: 28B

.rsrc
Size: 91KB - Virtual size: 91KB

.rdata
Size: 22KB - Virtual size: 21KB

.idata
Size: 2KB - Virtual size: 1KB