Static task: static1
Behavioral task: behavioral1
Sample: b154f3a38f3435f5da65494bbf972367_JaffaCakes118.exe
Resource: win7-20240708-en
Behavioral task: behavioral2
Sample: b154f3a38f3435f5da65494bbf972367_JaffaCakes118.exe
Resource: win10v2004-20240802-en
General
Target: b154f3a38f3435f5da65494bbf972367_JaffaCakes118
Size: 56KB
MD5: b154f3a38f3435f5da65494bbf972367
SHA1: 36b0f51d30bb199229f3b4c8089e4b6f6e6f13d9
SHA256: 407e370a3110c66c42fbff5b7d767b267610f8712bccc637ea874fb776fced95
SHA512: 7b5d9e185731a3cf615e805be86b78b8d6da0ff5ca13cfb5bc379ebfc82256cb44b98a095605200bd84faf23e61062ebcc356a07b602460702c85fb4a64368ae
SSDEEP: 1536:00WHvEgEiJw5UiDc1pOiLtJxm9GzIaDVPuSc9C:3qEgEeIWUMzvoScQ
Malware Config
Signatures
Unsigned PE (1 IoC)
Checks for missing Authenticode signature.
resource: b154f3a38f3435f5da65494bbf972367_JaffaCakes118
Files
b154f3a38f3435f5da65494bbf972367_JaffaCakes118.exe windows:5 windows x86 arch:x86
ec6386118ca92c9fab16b509212d218a
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
Imports
advapi32
AddAce
RegDeleteKeyW
AllocateAndInitializeSid
GetTokenInformation
QueryServiceConfigW
GetLengthSid
GetAce
SetSecurityInfo
GetKernelObjectSecurity
RegQueryValueExW
RegOpenKeyW
RegSetValueExW
LookupPrivilegeNameW
SetTokenInformation
QueryServiceObjectSecurity
GetSecurityInfo
RegOpenKeyExW
CloseServiceHandle
RegConnectRegistryW
RegCreateKeyW
SetKernelObjectSecurity
StartServiceW
LookupPrivilegeValueW
GetSidSubAuthority
kernel32
GetModuleHandleW
GetSystemTimeAsFileTime
GetTickCount
GetCurrentThreadId
GetCurrentProcessId
GetBinaryTypeA
_llseek
CreateTimerQueueTimer
CancelIo
GetCPInfo
GetDefaultCommConfigA
SetConsoleNumberOfCommandsW
SetDefaultCommConfigW
FindNextFileW
EnumUILanguagesA
SetEndOfFile
SignalObjectAndWait
LocalFlags
GetVersionExW
SetSystemPowerState
lstrcmpiW
GetConsoleInputExeNameW
GetConsoleHardwareState
UnhandledExceptionFilter
WriteConsoleInputW
CompareStringW
ntdll
RtlAppendUnicodeToString
RtlGetGroupSecurityDescriptor
RtlInitializeHandleTable
NtCreateKey
ZwReleaseMutant
RtlDnsHostNameToComputerName
ZwQueryEvent
NtAccessCheckByTypeResultListAndAuditAlarm
RtlFormatCurrentUserKeyPath
ZwDisplayString
ZwAdjustPrivilegesToken
ZwReadFileScatter
ZwOpenThreadToken
isprint
LdrDisableThreadCalloutsForDll
NtRestoreKey
CsrSetPriorityClass
wcscspn
ZwQueryMutant
Sections
.text Size: 50KB - Virtual size: 50KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 1024B - Virtual size: 868B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 2KB - Virtual size: 2KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 1024B - Virtual size: 984B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ