bdbfee4770602ad45f97c3545f934aeb_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

bdbfee4770602ad45f97c3545f934aeb_JaffaCakes118
Size

449KB
MD5

bdbfee4770602ad45f97c3545f934aeb
SHA1

0d757faab7f7c856ffe0d8e556f750efb19261c4
SHA256

80c8432d25c3f0c1a099b89f6785a7e760a46515fcd802db02cf90e9a858da19
SHA512

e7eca3c322f9eb3c56fd1b4ca2d39c930920763044c840a1c30989e3e06935da7d6bb72b36fbc9534534d7be8860b5ac7d6b7c47c849bd25dbdc03b7ef5e3e87
SSDEEP

12288:+x0E1gMEcrjJJwtVpqbyNKQS/2uV8HQ1ovo7:+x0Y3DAdrA2uSwT

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
bdbfee4770602ad45f97c3545f934aeb_JaffaCakes118

Files

bdbfee4770602ad45f97c3545f934aeb_JaffaCakes118
.exe windows:4 windows x86 arch:x86

5d4fe1fcb9936d354bdb1ddc80ec1765

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

ntdll

RtlAdjustPrivilege
NtAllocateVirtualMemory

shlwapi

StrChrW
StrRChrW
PathBuildRootW
PathCombineW
PathFileExistsW
PathAppendW
PathAddBackslashW
StrStrIW
PathRemoveFileSpecW

msvcrt

_adjust_fdiv
_wcsicmp
memcpy
free
memmove
_vsnwprintf
_wcsnicmp
longjmp
_vsnprintf
memset
_wtol
malloc
_XcptFilter
_initterm
bsearch
_setjmp3
_wtoi
_ultow
_amsg_exit

oleaut32

VariantClear

version

GetFileVersionInfoSizeW
VerQueryValueW
GetFileVersionInfoW

gdi32

DeleteObject
GetStockObject
CreateFontIndirectW
GetObjectW
GetDeviceCaps

setupapi

SetupCommitFileQueueW
SetupOpenFileQueue
SetupGetStringFieldW
SetupDefaultQueueCallbackW
SetupSetDirectoryIdW
SetupOpenInfFileW
SetupQueueCopyW
SetupFindFirstLineW
SetupOpenAppendInfFileW
SetupCloseInfFile
SetupCloseFileQueue
SetupInitDefaultQueueCallbackEx
SetupTermDefaultQueueCallback
SetupGetLineTextW
SetupFindNextLine
SetupInstallFromInfSectionW

kernel32

GetStartupInfoA

rpcrt4

RpcStringFreeW

advapi32

CancelOverlappedAccess
AllocateAndInitializeSid
RegEnumValueW
GetTokenInformation
ConvertSidToStringSidA
CredRenameW
LookupPrivilegeValueW
RegSetValueExW
RegCreateKeyExW
RegOpenKeyExA
CreateServiceW
RegSaveKeyW
OpenProcessToken
RegQueryInfoKeyW
RegQueryValueExA
BuildTrusteeWithNameA
RegOpenKeyExW
ControlTraceA
AdjustTokenPrivileges
RegDeleteKeyW
RegUnLoadKeyW
RegDeleteValueW
RegCloseKey
FreeSid

ole32

CoTaskMemFree
OleInitialize
OleUninitialize

Sections

.text
Size: 12KB - Virtual size: 12KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 189KB - Virtual size: 189KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 118KB - Virtual size: 928KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 36B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.rdata
Size: 127KB - Virtual size: 127KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

5d4fe1fcb9936d354bdb1ddc80ec1765

Headers

File Characteristics

Imports

ntdll

shlwapi

msvcrt

oleaut32

version

gdi32

setupapi

kernel32

rpcrt4

advapi32

ole32

Sections

.text Size: 12KB - Virtual size: 12KB

.rsrc Size: 189KB - Virtual size: 189KB

.data Size: 118KB - Virtual size: 928KB

.reloc Size: 512B - Virtual size: 36B

.rdata Size: 127KB - Virtual size: 127KB

.text
Size: 12KB - Virtual size: 12KB

.rsrc
Size: 189KB - Virtual size: 189KB

.data
Size: 118KB - Virtual size: 928KB

.reloc
Size: 512B - Virtual size: 36B

.rdata
Size: 127KB - Virtual size: 127KB