a929747af875a4d61c946e86cd0e9b44_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

a929747af875a4d61c946e86cd0e9b44_JaffaCakes118
Size

20KB
MD5

a929747af875a4d61c946e86cd0e9b44
SHA1

32931702417571b9985b7fc4dc65d2651cf39d37
SHA256

aeab85b751327391dab1b369865789f7a893ff8cf9c0ab7df3b1310592f5cbe0
SHA512

796691b5ce9565b0a0d53d3f4724f5a66f20c3a55cd4bf39ee07d4dab7a5dc418f1d997c53d4525f66424410956e1074fd20224af7c1925402df11b5c62ba9fe
SSDEEP

384:i0RVlVmmcnom/SaqIr2o+75L1H/VRPyM5RwX3VTwgY2yJzC:BRPVmmcHqIKoq/VR7K3Nwp2Qm

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
a929747af875a4d61c946e86cd0e9b44_JaffaCakes118

Files

a929747af875a4d61c946e86cd0e9b44_JaffaCakes118
.exe windows:5 windows x86 arch:x86

2f0eca91ef91fc3cd393bad2791df608

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

c:\Users\Администратор\Documents\Visual Studio 2008\Projects\MTR\Test2\Release\mtrsurs.pdb

Imports

kernel32

DeleteFileA
Sleep
GlobalAlloc
GetCommandLineA
GetModuleFileNameA
GetLocalTime
CreateToolhelp32Snapshot
Process32First
lstrcmpiA
Process32Next
GetProcAddress
LoadLibraryA
CreateProcessA
GetModuleHandleA
VirtualAllocEx
WriteProcessMemory
CreateRemoteThread
GetFileAttributesA
WinExec
ExitProcess
OpenProcess
ReadProcessMemory
GetVersionExA
GetTickCount
GetComputerNameA
GlobalMemoryStatus
CopyFileA
GlobalFree
lstrlenA
IsDebuggerPresent
RtlUnwind
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
GetFileSize
CloseHandle
WriteFile
SetFilePointer
GetSystemDirectoryA
CreateFileA

user32

MapVirtualKeyA
KillTimer
PostQuitMessage
DefWindowProcA
SendMessageA
FindWindowA
PostMessageA
RegisterClassA
CreateWindowExA
ShowWindow
SetTimer
GetMessageA
TranslateMessage
DispatchMessageA
ToAscii
ActivateKeyboardLayout
GetKeyboardState
GetKeyState
GetAsyncKeyState
GetWindowTextA
GetForegroundWindow
GetWindowThreadProcessId
GetKeyboardLayout
GetSystemMetrics
CharLowerBuffA
EnumDisplayDevicesA

advapi32

OpenSCManagerA
DeleteService
CloseServiceHandle
CreateServiceA
OpenServiceA

Sections

.text
Size: 16KB - Virtual size: 16KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.CRT
Size: 512B - Virtual size: 4B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

2f0eca91ef91fc3cd393bad2791df608

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

user32

advapi32

Sections

.text Size: 16KB - Virtual size: 16KB

.data Size: 512B - Virtual size: 2KB

.CRT Size: 512B - Virtual size: 4B

.reloc Size: 1KB - Virtual size: 1KB

.text
Size: 16KB - Virtual size: 16KB

.data
Size: 512B - Virtual size: 2KB

.CRT
Size: 512B - Virtual size: 4B

.reloc
Size: 1KB - Virtual size: 1KB