b6ecdacc625e7bbc3496e5c030cad467_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

b6ecdacc625e7bbc3496e5c030cad467_JaffaCakes118
Size

320KB
MD5

b6ecdacc625e7bbc3496e5c030cad467
SHA1

177477a537954312ba89007f90408bc25e96fb93
SHA256

c813ab20659b294b891e8a29f5b339dcd508dba086eed249ec1b2c10797c85bb
SHA512

114a3d488465c4d0db119ca0e006ab721171dda3684dec4a3476b0f31f78b4a9bfedbea38d92942d14fd40d940b6b267d6a8854a99d70be08bb22f135acfc8ca
SSDEEP

6144:uEXSRFGu2I2SsQ01mOX0eyInGVEMjKLZ2HrvVh27Ii/Ja9J6+Ex4/4/PZcuXvSL:DX+ApSsQ01mteyInGVxjKLZ2HrmZ/JaG

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
b6ecdacc625e7bbc3496e5c030cad467_JaffaCakes118

Files

b6ecdacc625e7bbc3496e5c030cad467_JaffaCakes118
.exe windows:5 windows x86 arch:x86

c772d702847957867f702cca2d956d1c

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

SetConsoleCtrlHandler
SetProcessShutdownParameters
GetCurrentProcessId
GetModuleHandleA
GetCurrentThreadId
GetComputerNameA
GetVersionExA
GetProcAddress
FreeLibrary
ReleaseMutex
CreateMutexA
LoadLibraryA
IsBadWritePtr
CreateEventA
IsBadReadPtr
WriteFile
SetFilePointer
CreateFileA
LocalFree
FormatMessageA
CreateThread
TerminateThread
SuspendThread
GetTickCount
ResetEvent
CopyFileA
MoveFileA
DeleteFileA
SetCommTimeouts
GetCommTimeouts
ClearCommError
ReadProcessMemory
OpenProcess
GetCurrentThread
GetSystemDirectoryA
GetWindowsDirectoryA
MoveFileExA
ReleaseSemaphore
WaitForSingleObject
DuplicateHandle
GetCurrentProcess
DeviceIoControl
DefineDosDeviceA
QueryDosDeviceA
ReadFile
CreateNamedPipeA
SetNamedPipeHandleState
RtlUnwind
ResumeThread
TlsSetValue
ExitThread
GetCommandLineA
GetVersion
ExitProcess
HeapFree
HeapAlloc
RaiseException
GetTimeZoneInformation
GetSystemTime
GetLocalTime
InterlockedDecrement
InterlockedIncrement
HeapReAlloc
TlsAlloc
TlsGetValue
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSection
DeleteCriticalSection
TerminateProcess
CloseHandle
FreeEnvironmentStringsA
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStrings
GetEnvironmentStringsW
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
GetEnvironmentVariableA
HeapDestroy
HeapCreate
VirtualFree
VirtualAlloc
HeapSize
SetUnhandledExceptionFilter
MultiByteToWideChar
LCMapStringA
LCMapStringW
IsBadCodePtr
GetCPInfo
GetACP
GetOEMCP
SetStdHandle
FlushFileBuffers
GetStringTypeA
GetStringTypeW
SetEndOfFile
CompareStringA
CompareStringW
SetEnvironmentVariableA
GetModuleFileNameA
Sleep
CreateProcessA
OpenEventA
SetEvent
OpenSemaphoreA
CreateSemaphoreA
GetLastError
GetExitCodeThread
SetLastError
UnhandledExceptionFilter

user32

wsprintfA
PostMessageA
RegisterWindowMessageA
PostQuitMessage
DestroyWindow
DefWindowProcA
UnregisterClassA
DispatchMessageA
TranslateMessage
GetMessageA
IsWindow
CreateWindowExA
RegisterClassA
LoadCursorA
MessageBoxA

advapi32

RegCloseKey
RegQueryValueExA
RegOpenKeyExA
RegSetValueExA
RegCreateKeyExA
FreeSid
RegSetKeySecurity
StartServiceA
SetSecurityDescriptorOwner
ControlService
InitializeAcl
AddAccessAllowedAce
RegisterServiceCtrlHandlerA
StartServiceCtrlDispatcherA
SetServiceStatus
AllocateAndInitializeSid
ImpersonateNamedPipeClient
RevertToSelf
RegCreateKeyA
RegDeleteValueA
RegDeleteKeyA
OpenThreadToken
DuplicateToken
SetThreadToken
RegQueryInfoKeyA
RegEnumValueA
RegEnumKeyExA
QueryServiceConfigA
QueryServiceStatus
OpenSCManagerA
SetSecurityDescriptorDacl
InitializeSecurityDescriptor
CloseServiceHandle
OpenServiceA
CreateServiceA
DeleteService
UnlockServiceDatabase
ChangeServiceConfigA
LockServiceDatabase

winspool.drv

GetPrinterDataA
EnumPortsA
ClosePrinter
GetPrinterDriverA
OpenPrinterA
EnumPrintersA
DeleteMonitorA
AddPortA

mpr

WNetGetConnectionA

version

GetFileVersionInfoSizeA
GetFileVersionInfoA
VerQueryValueA

rpcrt4

RpcServerRegisterIf
RpcServerListen
RpcServerUseProtseqA
NdrFullPointerXlatInit
NdrPointerUnmarshall
NdrFullPointerXlatFree
NdrConformantStringBufferSize
RpcEpRegisterA
RpcServerInqBindings
NdrConformantArrayMarshall
NdrSimpleStructMarshall
NdrComplexStructBufferSize
NdrComplexStructMarshall
NdrClientInitializeNew
I_RpcGetCurrentCallHandle
NdrGetBuffer
NdrSendReceive
NdrFreeBuffer
NdrServerInitializeNew
NdrConvert
RpcRaiseException
I_RpcGetBuffer
NdrConformantArrayUnmarshall
NdrAllocate
NdrSimpleStructUnmarshall
NdrConformantStringUnmarshall
NdrComplexStructUnmarshall
NdrPointerFree
RpcBindingVectorFree
RpcRevertToSelf
RpcImpersonateClient
NdrConformantArrayBufferSize
NdrConformantStringMarshall
RpcServerUnregisterIf
RpcEpUnregister
RpcMgmtWaitServerListen
RpcMgmtStopServerListening

Sections

.text
Size: 232KB - Virtual size: 228KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 16KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 44KB - Virtual size: 54KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 24KB - Virtual size: 21KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

c772d702847957867f702cca2d956d1c

Headers

File Characteristics

Imports

kernel32

user32

advapi32

winspool.drv

mpr

version

rpcrt4

Sections

.text Size: 232KB - Virtual size: 228KB

.rdata Size: 16KB - Virtual size: 14KB

.data Size: 44KB - Virtual size: 54KB

.rsrc Size: 24KB - Virtual size: 21KB

.text
Size: 232KB - Virtual size: 228KB

.rdata
Size: 16KB - Virtual size: 14KB

.data
Size: 44KB - Virtual size: 54KB

.rsrc
Size: 24KB - Virtual size: 21KB