ba167b2c14a5cef3179ef2f0c8f04403_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

ba167b2c14a5cef3179ef2f0c8f04403_JaffaCakes118
Size

88KB
MD5

ba167b2c14a5cef3179ef2f0c8f04403
SHA1

98aef9c7ac53b5c274ff935993cb5217d55b0aa4
SHA256

506b55970fc0fae86f32906880f47963900c680c50a07ae6f3f9f290fd2bf786
SHA512

6eeaecdda892ec5750305036377189a950f289eecde1dd8f02e6a50027aa8fb6cec1491bdd8542faac9002d038d632edc4603ca0d464894e64e40e8fee3cb026
SSDEEP

1536:OjIBplBlEIKBlAEqGxnATKprTXGNzAEqG9UnATKprTjiM9NzAEqG9UnA4eA3pKwi:Oj1IK7f8sRnM

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
ba167b2c14a5cef3179ef2f0c8f04403_JaffaCakes118

Files

ba167b2c14a5cef3179ef2f0c8f04403_JaffaCakes118
.exe windows:4 windows x86 arch:x86

aed0ac8b3cd0a7a80c4301c6ae7a3787

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

mpr

WNetAddConnection2A
WNetCancelConnection2A

kernel32

SizeofResource
LoadResource
FindResourceA
ReadFile
WriteFile
LockResource
LocalFree
FormatMessageA
GetComputerNameA
GetFullPathNameA
GetCommandLineA
GetVersion
SetLastError
GetTickCount
OpenProcess
TerminateProcess
GetCurrentProcess
GetLastError
CloseHandle
GetModuleHandleA
GetProcAddress
CreateFileA
DeleteFileA
HeapFree
GetModuleFileNameA
UnhandledExceptionFilter
HeapAlloc
ExitProcess
HeapDestroy
HeapCreate
VirtualFree
VirtualAlloc
HeapReAlloc
MultiByteToWideChar
GetStringTypeA
GetStringTypeW
FlushFileBuffers
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
GetConsoleMode
GetCPInfo
FreeEnvironmentStringsA
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStrings
GetEnvironmentStringsW
RtlUnwind
SetStdHandle
SetFilePointer
SetEndOfFile
GetACP
GetOEMCP
LoadLibraryA
LCMapStringA
LCMapStringW
ReadConsoleInputA
SetConsoleMode

advapi32

OpenServiceA
DeleteService
StartServiceA
QueryServiceStatus
CreateServiceA
CloseServiceHandle
OpenProcessToken
LookupPrivilegeValueA
AdjustTokenPrivileges
OpenSCManagerA
ControlService

Sections

DE0233CF
Size: 24KB - Virtual size: 23KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

FBACFE30
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

36CA7145
Size: 8KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 36KB - Virtual size: 32KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 4KB - Virtual size: 44B

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

28CA7382
Size: 8KB - Virtual size: 5KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

aed0ac8b3cd0a7a80c4301c6ae7a3787

Headers

File Characteristics

Imports

mpr

kernel32

advapi32

Sections

DE0233CF Size: 24KB - Virtual size: 23KB

FBACFE30 Size: 4KB - Virtual size: 2KB

36CA7145 Size: 8KB - Virtual size: 11KB

.idata Size: 36KB - Virtual size: 32KB

.reloc Size: 4KB - Virtual size: 44B

28CA7382 Size: 8KB - Virtual size: 5KB

DE0233CF
Size: 24KB - Virtual size: 23KB

FBACFE30
Size: 4KB - Virtual size: 2KB

36CA7145
Size: 8KB - Virtual size: 11KB

.idata
Size: 36KB - Virtual size: 32KB

.reloc
Size: 4KB - Virtual size: 44B

28CA7382
Size: 8KB - Virtual size: 5KB