Static task
static1
Behavioral task
behavioral1
Sample
c8563c0ea367c86eabb87ba89ac8d3cf_JaffaCakes118.exe
Resource
win7-20240708-en
Behavioral task
behavioral2
Sample
c8563c0ea367c86eabb87ba89ac8d3cf_JaffaCakes118.exe
Resource
win10v2004-20240802-en
General
Target
c8563c0ea367c86eabb87ba89ac8d3cf_JaffaCakes118
Size
14KB
MD5
c8563c0ea367c86eabb87ba89ac8d3cf
SHA1
3fc9ae5647eda0cf8ce5233f482c7f334a99de8e
SHA256
0d9287843afacaffe355ca153032ec7e01196b94c9448aef85e9d579785dd63b
SHA512
52915b4838411cf78af84ccea66793df0a6d3528f56fa7ed85a13d5bdf7a708b505786f6db06d047a3c55035fd8e53bbc2bb786fc0f9ad1029164ec7e117811d
SSDEEP
384:JI+ykplh5SGzJAt9qohPKZHdCT6/LCtkodiI9pc:qXUlh53JAt9qo4BDc3iUpc
Malware Config
Signatures
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource c8563c0ea367c86eabb87ba89ac8d3cf_JaffaCakes118
Files
c8563c0ea367c86eabb87ba89ac8d3cf_JaffaCakes118.exe windows:5 windows x86 arch:x86
7fab8daea53877af9930576b1425c206
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
msvcrt
_purecall
memset
??2@YAPAXI@Z
??3@YAXPAX@Z
kernel32
CreateEventW
GetCommandLineW
GetVolumeInformationW
GetComputerNameW
CopyFileW
DeleteFileW
CreateFileW
SetFileAttributesW
CreateProcessW
GetTempPathW
CreateDirectoryW
lstrlenW
GetTickCount
GetSystemDirectoryW
RemoveDirectoryW
ExitProcess
Sleep
lstrcatW
GetModuleHandleW
GetModuleFileNameW
lstrcmpiW
SetEvent
WaitForSingleObject
lstrcpyW
VirtualProtect
RtlMoveMemory
LoadLibraryA
GetProcAddress
LocalAlloc
LocalFree
GetCurrentProcess
GetLastError
CloseHandle
GetVersionExW
user32
MessageBoxW
wsprintfW
CharUpperW
advapi32
CryptHashData
CryptGetHashParam
CryptDestroyHash
CryptReleaseContext
RegDeleteValueW
CreateServiceW
RegDeleteKeyW
RegOpenKeyExW
RegCreateKeyExW
RegCloseKey
RegSetValueW
ControlService
StartServiceW
QueryServiceStatus
OpenSCManagerW
OpenServiceW
CloseServiceHandle
StartServiceCtrlDispatcherW
RegisterServiceCtrlHandlerW
SetServiceStatus
AddAccessAllowedAce
SetSecurityDescriptorDacl
FreeSid
AllocateAndInitializeSid
GetSecurityDescriptorLength
MakeSelfRelativeSD
InitializeAcl
InitializeSecurityDescriptor
OpenProcessToken
LookupPrivilegeValueW
AdjustTokenPrivileges
CryptCreateHash
CryptAcquireContextW
RegQueryValueExW
RegSetValueExW
DeleteService
shell32
CommandLineToArgvW
Sections
.text Size: 10KB - Virtual size: 9KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 3KB - Virtual size: 2KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 512B - Virtual size: 564B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE