a3df6ba917b87cdad13a0fe7b943f35c_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

a3df6ba917b87cdad13a0fe7b943f35c_JaffaCakes118
Size

244KB
MD5

a3df6ba917b87cdad13a0fe7b943f35c
SHA1

49c5d4dabe5002990df039ee914303533b5fdabb
SHA256

276390ae66c6455309bb550524f5638ff704f2ebe5e98e9ea861aac0e437ea4b
SHA512

fc41dce20395548de7c162020fdbc035604d3883eee43080917e2448241885dd4da1a104b4e98874dcf6cc3add638b082aee0b1a3e8694e57c38955961170077
SSDEEP

3072:x5n3oCMFn1oOQRuJzOQ5+iCzOmME90UhbV7NbdVpoFDQ4hQ6uiiveb:MCoZ5rmMEzbNbH4hufe

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
a3df6ba917b87cdad13a0fe7b943f35c_JaffaCakes118

Files

a3df6ba917b87cdad13a0fe7b943f35c_JaffaCakes118
.exe windows:4 windows x86 arch:x86

4861470129aabc2d631d8c23a1d4ac7a

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

LoadResource
FindResourceA
LocalFree
LocalAlloc
LockResource
FreeLibrary
GetCurrentProcessId
WaitForSingleObject
CreateThread
SizeofResource
CreateFileA
WriteFile
CloseHandle
Sleep
OpenProcess
MultiByteToWideChar
VirtualAllocEx
WriteProcessMemory
GetModuleHandleA
GetProcAddress
CreateRemoteThread
GetVersionExA
GetModuleFileNameA
CopyFileA
lstrlenA
LoadLibraryA
GetLastError
GetSystemDirectoryA
RtlUnwind
GetStartupInfoA
GetCommandLineA
GetVersion
ExitProcess
EnterCriticalSection
LeaveCriticalSection
GetCurrentThreadId
TlsSetValue
TlsAlloc
SetLastError
TlsGetValue
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
FreeEnvironmentStringsA
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStrings
GetEnvironmentStringsW
SetHandleCount
GetStdHandle
GetFileType
DeleteCriticalSection
GetEnvironmentVariableA
HeapDestroy
HeapCreate
VirtualFree
HeapFree
SetFilePointer
HeapAlloc
InterlockedDecrement
InterlockedIncrement
InitializeCriticalSection
SetUnhandledExceptionFilter
IsBadReadPtr
IsBadWritePtr
IsBadCodePtr
GetCPInfo
GetACP
GetOEMCP
VirtualAlloc
HeapReAlloc
SetStdHandle
FlushFileBuffers
LCMapStringA
LCMapStringW
GetStringTypeA
GetStringTypeW

advapi32

RegisterServiceCtrlHandlerA
SetServiceStatus
OpenServiceA
QueryServiceStatus
DeleteService
ControlService
OpenSCManagerA
CreateServiceA
CloseServiceHandle
LockServiceDatabase
QueryServiceLockStatusA
ChangeServiceConfig2A
UnlockServiceDatabase
RegOpenKeyA
RegSetValueExA
RegCloseKey
StartServiceCtrlDispatcherA
StartServiceA

psapi

EnumProcessModules
GetModuleFileNameExA
EnumProcesses

Sections

.text
Size: 28KB - Virtual size: 27KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 8KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 18KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 172KB - Virtual size: 168KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

4861470129aabc2d631d8c23a1d4ac7a

Headers

File Characteristics

Imports

kernel32

advapi32

psapi

Sections

.text Size: 28KB - Virtual size: 27KB

.rdata Size: 8KB - Virtual size: 4KB

.data Size: 12KB - Virtual size: 18KB

.rsrc Size: 172KB - Virtual size: 168KB

.text
Size: 28KB - Virtual size: 27KB

.rdata
Size: 8KB - Virtual size: 4KB

.data
Size: 12KB - Virtual size: 18KB

.rsrc
Size: 172KB - Virtual size: 168KB