a9aa149537de5eb9dfbe2452ed4599b2_JaffaCakes118

General

Target

a9aa149537de5eb9dfbe2452ed4599b2_JaffaCakes118
Size

12.2MB
MD5

a9aa149537de5eb9dfbe2452ed4599b2
SHA1

703e30eab8c3cf2503d1df17ad3210a1fddee4fc
SHA256

94017afa26f67344c0672253035d654b9dcfc65e258df6499d257154e5c6776c
SHA512

d933744e8b6d51a04dd8d955492a4a68cca9739e3c409347beb0a0d2c2b8d349e2c5a8151e989026b8dd0ae98b4a06617b3f80c7941e674ac747117b66067ce2
SSDEEP

3072:YY7o61ldzTGHsRW5WNqF+t8TUmVvm0fkqqCCVD2UrURmvT9C7j:RFldzTGHswlFJTUmBm0MySymQ7j

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
a9aa149537de5eb9dfbe2452ed4599b2_JaffaCakes118

Files

a9aa149537de5eb9dfbe2452ed4599b2_JaffaCakes118
.exe windows:4 windows x86 arch:x86

66ec5266d23f1578635a34859f1fb9c1

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

dbghelp

MakeSureDirectoryPathExists

kernel32

SetUnhandledExceptionFilter
GetModuleHandleA
WritePrivateProfileStringA
GetCurrentThreadId
SetFilePointer
Sleep
GetLastError
DeleteFileA
SetLastError
lstrcpyA
GlobalAlloc
LocalFileTimeToFileTime
SetFileTime
lstrlenA
GetCurrentProcess
Process32Next
ExitProcess
CreateFileA
WriteFile
CloseHandle
GetProcessHeap
HeapAlloc
LoadLibraryA
GetProcAddress
FreeLibrary
GetCommandLineA
GetStartupInfoA

advapi32

OpenProcessToken
ControlService
OpenSCManagerA
RegSaveKeyA
RegRestoreKeyA
StartServiceA
LookupPrivilegeValueA
AdjustTokenPrivileges
RegDeleteValueA
RegDeleteKeyA
RegCreateKeyExA
RegSetValueExA
RegQueryValueExA
AllocateAndInitializeSid
GetLengthSid
InitializeAcl
AddAccessAllowedAce
InitializeSecurityDescriptor
SetSecurityDescriptorDacl
RegSetKeySecurity
RegCloseKey
FreeSid
OpenServiceA

user32

FindWindowA
GetForegroundWindow
GetWindowThreadProcessId
AttachThreadInput
GetFocus
BlockInput
IsCharAlphaNumericA

msvcrt

_strcmpi
_controlfp
??1type_info@@UAE@XZ
__set_app_type
__p__fmode
realloc
malloc
_except_handler3
strchr
??2@YAPAXI@Z
??3@YAXPAX@Z
rand
srand
time
__CxxFrameHandler
strstr
_exit
_XcptFilter
exit
_acmdln
__getmainargs
_initterm
__setusermatherr
_adjust_fdiv
__p__commode

Sections

.text
Size: 12KB - Virtual size: 11KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 29KB - Virtual size: 29KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 123KB - Virtual size: 123KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

66ec5266d23f1578635a34859f1fb9c1

Headers

File Characteristics

Imports

dbghelp

kernel32

advapi32

user32

msvcrt

Sections

.text Size: 12KB - Virtual size: 11KB

.rdata Size: 3KB - Virtual size: 2KB

.data Size: 29KB - Virtual size: 29KB

.rsrc Size: 123KB - Virtual size: 123KB

.text
Size: 12KB - Virtual size: 11KB

.rdata
Size: 3KB - Virtual size: 2KB

.data
Size: 29KB - Virtual size: 29KB

.rsrc
Size: 123KB - Virtual size: 123KB