b2981344d9baeb73b9f242c8b3665747_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

b2981344d9baeb73b9f242c8b3665747_JaffaCakes118
Size

161KB
MD5

b2981344d9baeb73b9f242c8b3665747
SHA1

ed4233e59ee5022837ce415eda4d11d30de9c266
SHA256

14cf37133d7c3ee00983860e065e1ac1a955d28aa5b6d3d3055130ea099f72cf
SHA512

529096f011c0e3e7883f6fc656c96f3364ad33707842b7bb3d1e39bcac42fb2faf536aa08cd8bb600344903f450e11bdc3be745f5d636361535cfbae589e6fa9
SSDEEP

3072:Bj3aKS1Mu7jObKcXSenecDYNV2JG6Vv5ObH3t2ZHWdkYLB9bZNUJnP:Bw7jtbeiNV2syWaCB9bPUJn

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
b2981344d9baeb73b9f242c8b3665747_JaffaCakes118

Files

b2981344d9baeb73b9f242c8b3665747_JaffaCakes118
.exe windows:4 windows x86 arch:x86

3ede490411709d2f3ded53b642215cff

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

HeapSize
LCMapStringW
QueryPerformanceCounter
HeapFree
UnhandledExceptionFilter
TerminateProcess
GetConsoleOutputCP
GetOEMCP
CompareStringW
HeapDestroy
SetEndOfFile
SetEnvironmentVariableA
RaiseException
FreeLibrary
LoadLibraryA
GetStringTypeW
WriteFile
EnterCriticalSection
VirtualAlloc
GetCPInfo
GetDateFormatA
IsDebuggerPresent
SetFilePointer
SetStdHandle
EnumResourceTypesA
GetACP
InitializeCriticalSection
GetLocaleInfoA
VirtualFree
WriteConsoleA
HeapCreate
CreateMailslotW
HeapReAlloc
ReadFile
LeaveCriticalSection
GetTimeFormatA
GetSystemTimeAsFileTime
MultiByteToWideChar
RtlUnwind
LCMapStringA
GetTickCount
GetCurrentProcessId
IsValidCodePage
CompareStringA
GetCurrentProcess
SetUnhandledExceptionFilter
GetTimeZoneInformation
GetStringTypeA

advapi32

LookupAccountSidW
CreateServiceW
QueryServiceStatus
EnumDependentServicesW
GetSecurityDescriptorControl
RegQueryValueExW
GetAclInformation
RegDeleteKeyW
IsValidSecurityDescriptor
InitializeAcl
SetSecurityDescriptorDacl
LookupPrivilegeDisplayNameA
GetAce
InitializeSecurityDescriptor
GetSecurityInfo
RegSaveKeyW
SetEntriesInAclW
FreeSid
FreeInheritedFromArray
RegGetKeySecurity
IsValidAcl
QueryServiceLockStatusW
EqualSid
LookupPrivilegeValueA
AddAce
GetTokenInformation
UnlockServiceDatabase
RegCloseKey
ChangeServiceConfig2W
AdjustTokenPrivileges
RegEnumKeyExW
AllocateAndInitializeSid
ChangeServiceConfigW
RegCreateKeyExW
SetSecurityInfo
SetNamedSecurityInfoW
CloseServiceHandle
SetEntriesInAclA
LockServiceDatabase
QueryServiceConfigW
RegRestoreKeyW
OpenServiceW
RegOpenKeyExW
DeleteService
GetNamedSecurityInfoW
OpenProcessToken
RegDeleteValueW
LookupPrivilegeNameA
ControlService
StartServiceA
GetInheritanceSourceW
OpenSCManagerW
RegSetValueExW
RegEnumValueW

oleacc

LresultFromObject
AccessibleObjectFromPoint

iphlpapi

GetIpAddrTable

Sections

.text
Size: 40KB - Virtual size: 39KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 3KB - Virtual size: 410KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 117KB - Virtual size: 116KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

3ede490411709d2f3ded53b642215cff

Headers

File Characteristics

Imports

kernel32

advapi32

oleacc

iphlpapi

Sections

.text Size: 40KB - Virtual size: 39KB

.rdata Size: 3KB - Virtual size: 410KB

.data Size: 117KB - Virtual size: 116KB

.rsrc Size: 512B - Virtual size: 4KB

.text
Size: 40KB - Virtual size: 39KB

.rdata
Size: 3KB - Virtual size: 410KB

.data
Size: 117KB - Virtual size: 116KB

.rsrc
Size: 512B - Virtual size: 4KB