Static task: static1
Behavioral task: behavioral1
Sample: a55ab3655f67c0f99a4318dfc20dd739_JaffaCakes118.exe
Resource: win7-20240704-en
Behavioral task: behavioral2
Sample: a55ab3655f67c0f99a4318dfc20dd739_JaffaCakes118.exe
Resource: win10v2004-20240802-en
General
Target: a55ab3655f67c0f99a4318dfc20dd739_JaffaCakes118
Size: 264KB
MD5: a55ab3655f67c0f99a4318dfc20dd739
SHA1: 554476692c438fbab5f18da9b0f49834fd6683c4
SHA256: 80eebbfbba110b30b62d670668c1c93d304d1e9bdc6aaed3425e3fb99594004c
SHA512: 47486b7cf980d5ea5768aa3d9e659b0f2e3863782754423cbce7ffafeec3e09c3b909c6b0070959f824339febf05113bb8d2dc1bd388f06b59bd9b5b26dc2b00
SSDEEP: 6144:9xFG6ivE0kpljQbysS3yS6jeLBP/f7FPFmIppBNC+8S8YC3zT:/FZ0kpVQjwyU/DKIpfw0HC
Malware Config
Signatures
Unsigned PE (1 IoC): Checks for missing Authenticode signature.
Resource: a55ab3655f67c0f99a4318dfc20dd739_JaffaCakes118
Files
a55ab3655f67c0f99a4318dfc20dd739_JaffaCakes118.exe windows:4 windows x86 arch:x86
343e706708fd62725307fb88f1889593
Headers
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
kernel32
HeapFree
TerminateProcess
GetCPInfo
MultiByteToWideChar
LCMapStringW
GetConsoleOutputCP
SetStdHandle
GetLocaleInfoA
WriteFile
CompareStringA
HeapReAlloc
CompareStringW
GetCurrentProcessId
HeapDestroy
SetFilePointer
RaiseException
SetEndOfFile
SetUnhandledExceptionFilter
SetEnvironmentVariableA
GetDateFormatA
GetTimeFormatA
LeaveCriticalSection
EnumResourceTypesA
FreeLibrary
IsValidCodePage
GetStringTypeW
GetCurrentProcess
LoadLibraryA
UnhandledExceptionFilter
QueryPerformanceCounter
WriteConsoleA
GetTickCount
CreateMailslotW
GetACP
IsDebuggerPresent
GetSystemTimeAsFileTime
GetOEMCP
ReadFile
InitializeCriticalSection
HeapCreate
VirtualFree
LCMapStringA
GetTimeZoneInformation
HeapSize
VirtualAlloc
RtlUnwind
EnterCriticalSection
GetStringTypeA
iphlpapi
GetIpAddrTable
oleacc
LresultFromObject
AccessibleObjectFromPoint
advapi32
SetSecurityInfo
GetAclInformation
IsValidAcl
UnlockServiceDatabase
OpenProcessToken
InitializeAcl
FreeInheritedFromArray
RegCloseKey
AddAce
OpenSCManagerW
EqualSid
RegOpenKeyExW
AdjustTokenPrivileges
LookupPrivilegeNameA
StartServiceA
SetEntriesInAclA
RegGetKeySecurity
RegDeleteKeyW
GetSecurityDescriptorControl
GetNamedSecurityInfoW
RegSaveKeyW
DeleteService
InitializeSecurityDescriptor
RegQueryValueExW
OpenServiceW
QueryServiceLockStatusW
RegEnumKeyExW
LookupPrivilegeValueA
GetTokenInformation
LookupPrivilegeDisplayNameA
CloseServiceHandle
RegCreateKeyExW
GetAce
RegDeleteValueW
ControlService
RegSetValueExW
IsValidSecurityDescriptor
QueryServiceConfigW
GetSecurityInfo
SetNamedSecurityInfoW
QueryServiceStatus
GetInheritanceSourceW
SetSecurityDescriptorDacl
AllocateAndInitializeSid
ChangeServiceConfig2W
RegRestoreKeyW
SetEntriesInAclW
LockServiceDatabase
EnumDependentServicesW
CreateServiceW
ChangeServiceConfigW
LookupAccountSidW
FreeSid
RegEnumValueW
Sections
.text Size: 57KB - Virtual size: 57KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 3KB - Virtual size: 146KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 202KB - Virtual size: 202KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 512B - Virtual size: 4KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ