ac288e0fb565628d6976f0e153d3530f_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

ac288e0fb565628d6976f0e153d3530f_JaffaCakes118
Size

290KB
MD5

ac288e0fb565628d6976f0e153d3530f
SHA1

901b2efbeacc7dcd03cb4acad7f07ca36c0beedb
SHA256

aeaaedf76a157eeba7c2bd973839654419256f2d468558589ba5b366bc61c802
SHA512

38e4c6b035e41ed7e4176b239e7051445961a88517edbbd2cd4b4d0116a01d8d1f29c608466ec18243ef126618936531e6ee171d650737cb5304f6458452862d
SSDEEP

6144:K71/Yk+J/tvpBZ9+RCszT+uNeq2oTbDkmXCKcf7weJ:Kh8J/tvpD96zT+6eqNvXCKc0eJ

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
ac288e0fb565628d6976f0e153d3530f_JaffaCakes118

Files

ac288e0fb565628d6976f0e153d3530f_JaffaCakes118
.exe windows:4 windows x86 arch:x86

f3ae9a9b67aaac043d5708975639d10d

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

advapi32

RegQueryInfoKeyW
GetUserNameA
CryptGenRandom
SetSecurityDescriptorOwner
RegCreateKeyW
RegisterEventSourceW
SetSecurityDescriptorGroup
OpenThreadToken
RegDeleteKeyA
GetSecurityDescriptorDacl
LsaQueryInformationPolicy
SetEntriesInAclW
RegNotifyChangeKeyValue
AddAce
QueryServiceConfigW
RegDeleteValueW
CryptGetHashParam
RegisterTraceGuidsW
RegDeleteKeyW
DuplicateTokenEx
ControlService
CryptAcquireContextW
GetSecurityDescriptorLength
OpenServiceW
CryptAcquireContextA
MakeSelfRelativeSD
EqualSid
LookupAccountSidW
RegCreateKeyA
GetUserNameW
GetTokenInformation
DeleteService
LsaFreeMemory
RegOpenKeyExA
GetSidLengthRequired
RegEnumValueW
RegEnumKeyW
CheckTokenMembership
UnlockServiceDatabase
RegSetValueExW
StartServiceW
OpenSCManagerA
ImpersonateLoggedOnUser
CryptCreateHash
GetTraceLoggerHandle
LookupPrivilegeValueA

kernel32

GetLastError
FlushFileBuffers
IsDebuggerPresent
CompareStringW
GetConsoleMode
GetVersion
lstrcpynW
ReleaseMutex
LoadLibraryExA
WaitForSingleObject
GetCurrentThreadId
GetEnvironmentStrings
CreateMutexA
GetExitCodeThread
ResumeThread
QueryPerformanceCounter
InterlockedIncrement
UnmapViewOfFile
FreeEnvironmentStringsW
VirtualQuery
GetSystemInfo
GetLocaleInfoA
GetCurrentProcess
GetTempPathA
OpenMutexA
GetModuleHandleW
lstrlenW
HeapFree
GetTickCount
HeapReAlloc
TlsGetValue
TerminateProcess
GetThreadLocale
GetFileSize
CreateDirectoryA
GetCommandLineW
GetStartupInfoA
GetSystemTime
DisableThreadLibraryCalls
InitializeCriticalSection
GetSystemDirectoryW
FormatMessageW
GetModuleHandleA
GetStdHandle
GetVersionExW
OpenEventW
CreateMutexW
SetErrorMode
GetCommandLineA
lstrcatA
Sleep
OpenMutexW
PurgeComm
GetFullPathNameW
GetSystemTimeAsFileTime
FindFirstFileW
GetModuleFileNameW
GetCurrentProcessId
SetLastError
VirtualAlloc
LoadResource
WideCharToMultiByte
FindResourceW
RtlUnwind
LCMapStringA
ExitProcess
GetFileAttributesA
VirtualFree
lstrcmpiA

msvcrt

_strdup
_finite
sprintf
_chsize
__setusermatherr
toupper
_rotl
wcsncmp
__pioinfo
_rotr
_tell
_local_unwind2
setlocale
fwrite
memmove
_wfopen
fopen
_cexit
_ftol
towlower
_c_exit
qsort
_adjust_fdiv
memset
__p__osver
rand
exit
??3@YAXPAX@Z
iswspace
_lock
srand
_ltoa
ceil
strncmp
_strlwr
_wcsnicmp
printf
_initterm
__p__iob
malloc
_ultow

Sections

.text
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.textbss
Size: - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

BSS
Size: - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.bss
Size: - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.bss
Size: - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

DATA
Size: - Virtual size: 220KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.textbss
Size: 275KB - Virtual size: 278KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 10KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

f3ae9a9b67aaac043d5708975639d10d

Headers

DLL Characteristics

File Characteristics

Imports

advapi32

kernel32

msvcrt

Sections

.text Size: 4KB - Virtual size: 4KB

.textbss Size: - Virtual size: 2KB

BSS Size: - Virtual size: 3KB

.bss Size: - Virtual size: 1KB

.bss Size: - Virtual size: 1KB

DATA Size: - Virtual size: 220KB

.textbss Size: 275KB - Virtual size: 278KB

.rsrc Size: 10KB - Virtual size: 10KB

.text
Size: 4KB - Virtual size: 4KB

.textbss
Size: - Virtual size: 2KB

BSS
Size: - Virtual size: 3KB

.bss
Size: - Virtual size: 1KB

.bss
Size: - Virtual size: 1KB

DATA
Size: - Virtual size: 220KB

.textbss
Size: 275KB - Virtual size: 278KB

.rsrc
Size: 10KB - Virtual size: 10KB