Static task: static1
Behavioral task: behavioral1
  Sample: bb2e1045260e5fe45deef4ef0d20cf42_JaffaCakes118.exe
  Resource: win7-20240708-en
Behavioral task: behavioral2
  Sample: bb2e1045260e5fe45deef4ef0d20cf42_JaffaCakes118.exe
  Resource: win10v2004-20240802-en
General
Target: bb2e1045260e5fe45deef4ef0d20cf42_JaffaCakes118
Size: 40KB
MD5: bb2e1045260e5fe45deef4ef0d20cf42
SHA1: a88857e779e31450161242e4795b6104a5bef412
SHA256: c834df1a5eb864c5115c5614e19d7c3bc619f409a7f03b89e7b0a4eb5947018a
SHA512: 3004e00367dad04e0ba18065afec35bcb7d3ed0051e50136fe79f8768e68003a84e0844377ca221c87d19cc6381f246c9c1b08519fcb7a4c393bf591d490a382
SSDEEP: 768:6JBMkWqVFcsbkrjtzsLLzEugewu/hNVq:67FW6csQ9sJhNQ
Malware Config
Signatures
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource bb2e1045260e5fe45deef4ef0d20cf42_JaffaCakes118
Files
bb2e1045260e5fe45deef4ef0d20cf42_JaffaCakes118.exe windows:4 windows x86 arch:x86
09821ce327fc4c17fa27e830da61bb21
Headers
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
Imports
kernel32
GetFileAttributesA
SetFileAttributesA
DeleteFileA
CopyFileA
DeleteCriticalSection
InitializeCriticalSection
GetModuleHandleA
GetModuleFileNameA
EnterCriticalSection
LeaveCriticalSection
SetEvent
Sleep
LocalAlloc
LocalFree
GetVersionExA
CreateEventA
WaitForSingleObject
FlushFileBuffers
DisconnectNamedPipe
ReadFile
WriteFile
CreateNamedPipeA
ConnectNamedPipe
GetLastError
CloseHandle
CreateThread
LoadLibraryA
GetProcAddress
GetPrivateProfileStringA
FreeLibrary
user32
SendMessageA
PeekMessageA
GetMessageA
TranslateMessage
DispatchMessageA
advapi32
RegQueryValueExA
RegCreateKeyA
SetServiceStatus
RegisterServiceCtrlHandlerA
StartServiceCtrlDispatcherA
RegOpenKeyExA
RegNotifyChangeKeyValue
RegCloseKey
InitializeSecurityDescriptor
SetSecurityDescriptorDacl
OpenServiceA
ControlService
CloseServiceHandle
OpenSCManagerA
RegQueryInfoKeyA
RegEnumValueA
GetAce
InitializeAcl
GetLengthSid
LookupAccountNameA
RegSetKeySecurity
RegGetKeySecurity
mfc42
ord6140
ord5856
ord772
ord800
ord858
ord540
ord500
ord825
ord5860
ord5861
ord2818
ord541
ord823
ord924
ord6142
ord801
ord535
ord2764
ord926
ord537
ord4277
ord4129
ord654
ord341
ord5858
ord860
ord6883
ord6143
ord665
ord1979
ord3318
ord5186
ord354
ord561
ord815
ord5683
ord5608
ord939
ord1567
ord690
ord1988
ord5207
ord389
ord268
msvcrt
strchr
_onexit
calloc
_except_handler3
strncpy
__dllonexit
atol
strncmp
_controlfp
__set_app_type
__p__fmode
__p__commode
_adjust_fdiv
__setusermatherr
_initterm
__getmainargs
__p___initenv
exit
_XcptFilter
_exit
??1type_info@@UAE@XZ
__CxxFrameHandler
atoi
sprintf
free
malloc
_mbscmp
msvcp60
??0Init@ios_base@std@@QAE@XZ
??0_Winit@std@@QAE@XZ
??1_Winit@std@@QAE@XZ
??1Init@ios_base@std@@QAE@XZ
Sections
.text Size: 20KB - Virtual size: 18KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 8KB - Virtual size: 4KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 4KB - Virtual size: 3KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 4KB - Virtual size: 160B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ