bb44fa18b4cc6445ed0364d34e0607ab_JaffaCakes118

General

Target

bb44fa18b4cc6445ed0364d34e0607ab_JaffaCakes118
Size

26KB
MD5

bb44fa18b4cc6445ed0364d34e0607ab
SHA1

f23847c67988c1accaf70d67c3d1148b78d972ff
SHA256

ca9cfbbda50e60ce77161d2e6b7913592490598101adf4103d0af7a5273be8cb
SHA512

9bc914178e2d1d8756f28c7d5a62184011ab9ca23deff5d6f90cc658bb25a3fcf5c8366aa6a32b0190ed601c73c5a481bccef151442efddf1725e6fb0971ad4e
SSDEEP

768:sT8QDAOJtc04ZvIiglK1puZQggER++QTt8hM:sGOtcnZvIe14ZQnER++QTShM

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
bb44fa18b4cc6445ed0364d34e0607ab_JaffaCakes118

Files

bb44fa18b4cc6445ed0364d34e0607ab_JaffaCakes118
.exe windows:4 windows x86 arch:x86

11c90ded81978cc5d31d06b8832e5196

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

SetFilePointer
GetModuleFileNameA
DeleteFileA
CopyFileA
GetFileSize
GetSystemDirectoryA
Process32Next
lstrcmpiA
Process32First
CreateToolhelp32Snapshot
lstrlenA
GetCurrentProcess
ExpandEnvironmentStringsA
WinExec
ReadFile
GetTempPathA
Sleep
GetWindowsDirectoryA
UnmapViewOfFile
GetCurrentThreadId
MapViewOfFile
CreateFileMappingA
GetTickCount
OpenProcess
TerminateProcess
GetLastError
CreateMutexA
GetModuleHandleA
FindResourceA
LoadResource
LockResource
SizeofResource
SetFileAttributesA
CreateFileA
WriteFile
CloseHandle
LoadLibraryA
lstrcpyA
lstrcatA
GetProcAddress
MoveFileExA
OutputDebugStringA

user32

GetWindow
GetTopWindow
GetDesktopWindow
GetClassNameA
GetMessageA
wsprintfA

advapi32

RegRestoreKeyA
CloseServiceHandle
OpenProcessToken
LookupPrivilegeValueA
AdjustTokenPrivileges
RegCreateKeyExA
RegSetValueExA
RegCloseKey
RegCreateKeyA
RegSaveKeyA
RegOpenKeyExA
CreateServiceA
OpenSCManagerA
RegQueryValueExA
StartServiceA

shell32

ShellExecuteA

msvcrt

memmove
strstr
_stricmp

shlwapi

SHDeleteKeyA

Sections

.text
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 512B - Virtual size: 769B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 17KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

11c90ded81978cc5d31d06b8832e5196

Headers

File Characteristics

Imports

kernel32

user32

advapi32

shell32

msvcrt

shlwapi

Sections

.text Size: 4KB - Virtual size: 3KB

.rdata Size: 2KB - Virtual size: 1KB

.data Size: 512B - Virtual size: 769B

.rsrc Size: 17KB - Virtual size: 17KB

.text
Size: 4KB - Virtual size: 3KB

.rdata
Size: 2KB - Virtual size: 1KB

.data
Size: 512B - Virtual size: 769B

.rsrc
Size: 17KB - Virtual size: 17KB