c7c76da0a5ec5dc78b1a6c6946a22c4c_JaffaCakes118

General

Target

c7c76da0a5ec5dc78b1a6c6946a22c4c_JaffaCakes118
Size

188KB
MD5

c7c76da0a5ec5dc78b1a6c6946a22c4c
SHA1

fa74a1942a4ca5107c1485e7192f9df69b715a8d
SHA256

13805fb8514f89a5c6a2caf45965445b0d4f2d0b8486651b4eb9bad9febaf7dc
SHA512

e8f3e81fb10a7644b1b387ff2a35968f05a0082289ca38e6c30c58a45ba2aa8cf7cb7e777496322eda5e03ca28550e57dd7036dd3da7a045ada876f24e3d2de7
SSDEEP

3072:W0/ab98nBLB9mUTwiyesPX3h0GZ9lnWswFAe6epOhgmT3vB:d/a6BlgEjyxZvbYfpORT3

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
c7c76da0a5ec5dc78b1a6c6946a22c4c_JaffaCakes118

Files

c7c76da0a5ec5dc78b1a6c6946a22c4c_JaffaCakes118
.exe windows:4 windows x86 arch:x86

1c3e527e01e0d5f485d968f70a11620b

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetCurrentThread
GetCurrentProcessId
SetFileAttributesA
DeleteFileA
lstrlenA
CreateDirectoryA
GetCurrentProcess
GetCommandLineA
SetUnhandledExceptionFilter
ExpandEnvironmentStringsA
GetShortPathNameA
GetFileAttributesA
CreateEventA
WaitForSingleObject
GetModuleFileNameA
LoadLibraryA
SleepEx
GetSystemDirectoryA
GetTickCount
CreateFileA
WriteFile
GetFileTime
SetFileTime
CloseHandle
MoveFileA
GetTempPathA
GetCurrentDirectoryA
ExitProcess
GetLastError
GetModuleHandleA
GetProcAddress
Sleep
RaiseException
InterlockedExchange
LocalAlloc
FreeLibrary
GetStartupInfoA

advapi32

OpenProcessToken
LookupPrivilegeValueA
AdjustTokenPrivileges
GetServiceKeyNameA
GetServiceDisplayNameA
ControlService
CreateServiceA
RegSaveKeyA
RegRestoreKeyA
DeleteService
CloseServiceHandle
ChangeServiceConfig2A
OpenSCManagerA
OpenServiceA
ChangeServiceConfigA
StartServiceA
RegCreateKeyExA
RegSetValueExA
RegDeleteKeyA
RegDeleteValueA
RegQueryValueExA
RegOpenKeyExA
RegCloseKey

msvcrt

strlen
rand
memcpy
??2@YAPAXI@Z
srand
__CxxFrameHandler
strncpy
_ftol
_exit
_XcptFilter
exit
_acmdln
__getmainargs
_initterm
__setusermatherr
_adjust_fdiv
__p__commode
__p__fmode
__set_app_type
??1type_info@@UAE@XZ
_controlfp
_strlwr
_stricmp
memset
strcpy
strchr
strcat
_except_handler3
_strrev

ws2_32

listen

Sections

.text
Size: 12KB - Virtual size: 9KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 164KB - Virtual size: 164KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

1c3e527e01e0d5f485d968f70a11620b

Headers

File Characteristics

Imports

kernel32

advapi32

msvcrt

ws2_32

Sections

.text Size: 12KB - Virtual size: 9KB

.rdata Size: 4KB - Virtual size: 2KB

.data Size: 164KB - Virtual size: 164KB

.rsrc Size: 4KB - Virtual size: 3KB

.text
Size: 12KB - Virtual size: 9KB

.rdata
Size: 4KB - Virtual size: 2KB

.data
Size: 164KB - Virtual size: 164KB

.rsrc
Size: 4KB - Virtual size: 3KB