ad84cf8f4b9507650dd644c7380a8528_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

ad84cf8f4b9507650dd644c7380a8528_JaffaCakes118
Size

107KB
MD5

ad84cf8f4b9507650dd644c7380a8528
SHA1

f83c3be325260963f46a3b156c8e3a0426eb7918
SHA256

6bdf16d52390bf052958d70dd7a83ce1914f4d4a2f77adb77b7e213adea8866d
SHA512

03490b1d7e494b9af60864a5f42a591988ffb16f20cc4096e21f595efd128de26321cc82c30738fc5f057d713b272ff6b242b7ea50dbf99f5d464c8ed8b35182
SSDEEP

1536:U8a4RF1nxBiDTzwEsVgRp1LZTD6kZMS6Cm+KyBkvLoDtLNXimNC6vfV4sYjuH:U8a4TFxBpVir5xzJf4LoDtLsaVW7ja

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
ad84cf8f4b9507650dd644c7380a8528_JaffaCakes118

Files

ad84cf8f4b9507650dd644c7380a8528_JaffaCakes118
.exe windows:4 windows x86 arch:x86

edbde3a892ea31b363a3db99e9fe2d98

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

ole32

OleInitialize
OleSetContainedObject
OleCreate
CoInitialize
StgCreateDocfile
CoSuspendClassObjects
CoUninitialize

advapi32

CreateServiceA
RegCloseKey
RegOpenKeyExA
RegQueryValueExA
AllocateAndInitializeSid
FreeSid
OpenProcessToken
StartServiceCtrlDispatcherA
QueryServiceStatus
OpenThreadToken
OpenServiceA
OpenSCManagerA
LookupPrivilegeValueW
GetTokenInformation
DeleteService
SetServiceStatus
SetSecurityDescriptorDacl
SetEntriesInAclA
RegisterServiceCtrlHandlerA
RegSetValueExA
RegEnumKeyA
InitializeSecurityDescriptor

winscard

SCardControl
SCardCancel
SCardConnectA
SCardDisconnect

sfc

SfcIsFileProtected

kernel32

LCMapStringW
GetTimeZoneInformation
GetLocaleInfoW
CompareStringA
CompareStringW
SetEnvironmentVariableA
RaiseException
LCMapStringA
SetConsoleCtrlHandler
GetStringTypeW
GetStringTypeA
ReadFile
SetStdHandle
GetOEMCP
GetACP
Sleep
GetCurrentThreadId
LoadLibraryA
GetProcAddress
GetProfileStringW
lstrlenA
GetTempPathA
EnterCriticalSection
InitializeCriticalSection
InterlockedExchange
DeleteCriticalSection
LeaveCriticalSection
InterlockedDecrement
InterlockedIncrement
MultiByteToWideChar
RtlUnwind
GetModuleHandleA
GetStartupInfoA
GetCommandLineA
GetVersion
ExitProcess
HeapFree
FatalAppExitA
TerminateProcess
GetCurrentProcess
HeapReAlloc
HeapAlloc
HeapSize
TlsSetValue
TlsAlloc
TlsFree
SetLastError
TlsGetValue
GetLastError
GetCurrentThread
UnhandledExceptionFilter
GetModuleFileNameA
FreeEnvironmentStringsA
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStrings
GetEnvironmentStringsW
SetHandleCount
GetStdHandle
GetFileType
HeapDestroy
HeapCreate
VirtualFree
WriteFile
SetFilePointer
FlushFileBuffers
CloseHandle
SetUnhandledExceptionFilter
VirtualAlloc
IsBadWritePtr
GetCPInfo
IsValidLocale
IsValidCodePage
GetLocaleInfoA
EnumSystemLocalesA
GetUserDefaultLCID
GetVersionExA
IsBadReadPtr
IsBadCodePtr

Exports

Exports

Exa
Zobycola
ireco

Sections

.text
Size: 65KB - Virtual size: 64KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 18KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 19KB - Virtual size: 499KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

edbde3a892ea31b363a3db99e9fe2d98

Headers

File Characteristics

Imports

ole32

advapi32

winscard

sfc

kernel32

Exports

Exports

Sections

.text Size: 65KB - Virtual size: 64KB

.rdata Size: 18KB - Virtual size: 17KB

.data Size: 19KB - Virtual size: 499KB

.reloc Size: 4KB - Virtual size: 3KB

.text
Size: 65KB - Virtual size: 64KB

.rdata
Size: 18KB - Virtual size: 17KB

.data
Size: 19KB - Virtual size: 499KB

.reloc
Size: 4KB - Virtual size: 3KB