a7c4bb8def5ec632a71e01da13da1e70_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

a7c4bb8def5ec632a71e01da13da1e70_JaffaCakes118
Size

48KB
MD5

a7c4bb8def5ec632a71e01da13da1e70
SHA1

59c665bffa317c1a17db230adfd8630d7b409aa9
SHA256

7ff4a2738e3b69505902bdb86928f557f221869454788afc430a37ef8f4d38f9
SHA512

64f6e882bbfc69b9cc550e3356394148f97064fcd455222febe1b070b6df438f79bff22c804e3f2953fb1b2d149063285b1bd58da3cdca0edc4cbcdfa735e890
SSDEEP

768:uPcali9uJtv+5kI/d4exMOPa98MFbr1lWc+Om4OC6MqR/S38bdNh/qpJN5maW2YG:ukalQAm5p4A7Pa6MtHFrO+Eu8b/18P5T

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
a7c4bb8def5ec632a71e01da13da1e70_JaffaCakes118

Files

a7c4bb8def5ec632a71e01da13da1e70_JaffaCakes118
.exe windows:5 windows x86 arch:x86

1ffc34d09f7f23cf2b0e35749c09ad81

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

version

GetFileVersionInfoA
VerQueryValueA

msvcrt

_osver
__p__fmode
strncmp
__set_app_type
_makepath
_onexit
atol
fseek
_wcsdup
_fileno
__setusermatherr
wcsncmp
fread
fwrite
strcmp
_wfsopen
memmove
iswctype
_except_handler3
strncpy
_access
wcscmp
memcpy
time
_unlock
fclose
tolower
_splitpath
_wsplitpath
_strcmpi

advapi32

RegFlushKey
OpenServiceA
RegEnumValueW
RegCreateKeyW
SetSecurityDescriptorDacl
RegEnumValueA
OpenSCManagerW
RegOpenKeyExA
RegCloseKey
OpenSCManagerA
QueryServiceStatus
InitializeSecurityDescriptor
RegDeleteKeyW
RegDeleteKeyA
UnlockServiceDatabase
GetSecurityDescriptorControl
RegQueryValueExA
OpenServiceW
FreeSid
CloseServiceHandle
LookupPrivilegeValueA
ChangeServiceConfigA
RegEnumKeyExA
QueryServiceConfig2A
RegOpenKeyW
RegEnumKeyExW
SetServiceStatus

gdi32

CreateDIBSection
SetRectRgn
GetPaletteEntries
Polyline
GetStockObject
SaveDC
CreateRoundRectRgn
SetWinMetaFileBits
LineTo
CreateEllipticRgn
BitBlt
TranslateCharsetInfo
GetEnhMetaFileBits
SetDIBits
GetWindowExtEx
CreateCompatibleDC
PolyDraw
TextOutA
SetEnhMetaFileBits
GetEnhMetaFilePaletteEntries
ExtTextOutW
DeleteDC
EndPage
CreatePenIndirect
CreatePen
CreateBitmapIndirect
CreatePalette
Ellipse
GetTextExtentPoint32A
SetStretchBltMode

kernel32

GetSystemDirectoryA
ExpandEnvironmentStringsA
GlobalUnlock
GlobalFree
VirtualAlloc
GetEnvironmentVariableA
HeapSize
SetFileTime
MoveFileExW
GetTimeFormatA
GetPrivateProfileStringA
InterlockedExchange
InterlockedIncrement
CloseHandle
LoadResource
GetTempFileNameW
ExitProcess
lstrcpynA
lstrcmpW
RemoveDirectoryW
SetFileAttributesA
GetCurrentThreadId
GetCurrentThread
GetTempFileNameA
lstrcmpiA
CreateEventA

Sections

.text
Size: 25KB - Virtual size: 25KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 348B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 19KB - Virtual size: 18KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

edata
Size: 1024B - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

1ffc34d09f7f23cf2b0e35749c09ad81

Headers

DLL Characteristics

File Characteristics

Imports

version

msvcrt

advapi32

gdi32

kernel32

Sections

.text Size: 25KB - Virtual size: 25KB

.data Size: 512B - Virtual size: 348B

.idata Size: 19KB - Virtual size: 18KB

edata Size: 1024B - Virtual size: 9KB

.text
Size: 25KB - Virtual size: 25KB

.data
Size: 512B - Virtual size: 348B

.idata
Size: 19KB - Virtual size: 18KB

edata
Size: 1024B - Virtual size: 9KB