a5a18be727738dbcb79b87f4d3c5354d_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

a5a18be727738dbcb79b87f4d3c5354d_JaffaCakes118
Size

26KB
MD5

a5a18be727738dbcb79b87f4d3c5354d
SHA1

e2deac12eae26788c2a81cac7525d530f330262a
SHA256

48ddb859aa17e1a2c6af081457d4d230b622c3dc8aa3a465d92811f0402305d6
SHA512

8616616264f73d5c21a975a0ee7b934f6ce2ffd2bc6ece4e2d38a3e5319d72b6e72bb250ff9e641f71a6216d645e873f78e91cfdcb4546194784c4f74d17fbab
SSDEEP

768:Hm8lCu0zoXoz03jM15huyMCaCeDf7DfXXP7D7DfC7ssU7tfcjgx5:HmHu0zoXoA3ShuyMb7q

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
a5a18be727738dbcb79b87f4d3c5354d_JaffaCakes118

Files

a5a18be727738dbcb79b87f4d3c5354d_JaffaCakes118
.exe windows:5 windows x86 arch:x86

ac282db3d6795d19fcd993a8bc128eef

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

ole32

OleUninitialize
CoTaskMemFree
OleInitialize

ntdll

RtlAdjustPrivilege
NtAllocateVirtualMemory

version

GetFileVersionInfoSizeW
VerQueryValueW
GetFileVersionInfoW

shlwapi

PathBuildRootW
StrRChrW
PathRemoveFileSpecW
StrChrW
PathAddBackslashW
PathAppendW
PathFileExistsW
StrStrIW
PathCombineW

advapi32

LookupPrivilegeValueW
FreeSid
RegOpenKeyExW
RegCloseKey
RegLoadKeyW
AdjustTokenPrivileges
RegCreateKeyExW
GetTokenInformation
RegQueryInfoKeyW
RegOpenKeyExA
EqualSid
RegDeleteKeyW
RegUnLoadKeyW
RegSaveKeyW
RegSetValueExW
AllocateAndInitializeSid
RegEnumKeyW
RegSetValueW
RegFlushKey
RegQueryValueExW
RegQueryValueExA
OpenProcessToken
RegDeleteValueW
RegEnumValueW

msvcrt

free
_wtoi
_setjmp3
_ultow
memcpy
longjmp
_XcptFilter
_vsnprintf
memmove
_vsnwprintf
_amsg_exit
_initterm
_wcsnicmp
malloc
_adjust_fdiv
_wtol
bsearch
_wcsicmp
memset

setupapi

SetupSetDirectoryIdW
SetupGetStringFieldW
SetupOpenInfFileW
SetupInitDefaultQueueCallbackEx
SetupGetLineTextW
SetupCloseFileQueue
SetupFindFirstLineW
SetupOpenFileQueue
SetupTermDefaultQueueCallback
SetupDefaultQueueCallbackW
SetupCommitFileQueueW
SetupQueueCopyW
SetupOpenAppendInfFileW
SetupCloseInfFile
SetupFindNextLine
SetupInstallFromInfSectionW

oleaut32

VariantClear

rpcrt4

RpcStringFreeW

gdi32

CreateFontIndirectW
DeleteObject
GetStockObject
GetObjectW
GetDeviceCaps

kernel32

GetStartupInfoA

Sections

.text
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 15KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 40KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

ac282db3d6795d19fcd993a8bc128eef

Headers

DLL Characteristics

File Characteristics

Imports

ole32

ntdll

version

shlwapi

advapi32

msvcrt

setupapi

oleaut32

rpcrt4

gdi32

kernel32

Sections

.text Size: 4KB - Virtual size: 4KB

.rsrc Size: 15KB - Virtual size: 14KB

.data Size: 512B - Virtual size: 40KB

.rdata Size: 5KB - Virtual size: 5KB

.text
Size: 4KB - Virtual size: 4KB

.rsrc
Size: 15KB - Virtual size: 14KB

.data
Size: 512B - Virtual size: 40KB

.rdata
Size: 5KB - Virtual size: 5KB