ce1fce990ebd1ddfb29236f85d224047_JaffaCakes118

General

Target

ce1fce990ebd1ddfb29236f85d224047_JaffaCakes118
Size

1.3MB
MD5

ce1fce990ebd1ddfb29236f85d224047
SHA1

fcf6ac0f7398604cfaa20fa61bfd712e7ce5eac8
SHA256

97f6c5b98ade0f5edcd146f1b7c1e68ddc28a8ae8f5cb0d9a4b9d8fbf56ddaa4
SHA512

3fe756c34557602531a5dfa4df0c68229c1d4e5ae33918ffdefb87b15944781e2d54922752ed8cab3386425f49bde36ee2225011347bada157e9d54f4e700d76
SSDEEP

24576:Wmj6SpYCnR3dK57UGGMdNQMFoaSMwCVlbML9AbsJ0pKzlEC:8SpYCnRo7DrdpblwgbML7+47

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
ce1fce990ebd1ddfb29236f85d224047_JaffaCakes118

Files

ce1fce990ebd1ddfb29236f85d224047_JaffaCakes118
.exe windows:4 windows x86 arch:x86

2bfd743fea37f0c974a93a9901bbfab3

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetTempPathW
VirtualProtect
SetTapePosition
GetModuleHandleW
GetStartupInfoW

advapi32

SetEntriesInAclW
RegCloseKey
RegOpenKeyExW
RegQueryValueExW
LookupPrivilegeValueW
GetTokenInformation
DeleteService
CreateServiceW
ControlService
CloseServiceHandle
AdjustTokenPrivileges
SetServiceStatus
SetSecurityDescriptorDacl
RegisterServiceCtrlHandlerW
RegSetValueExW
RegEnumKeyW
InitializeSecurityDescriptor
StartServiceCtrlDispatcherW
OpenProcessToken
FreeSid
AllocateAndInitializeSid

ole32

CoTaskMemFree
CoInitialize
CoUninitialize
CoTaskMemAlloc
CoCreateInstance

ws2_32

WSAConnect
WSAWaitForMultipleEvents
WSASocketW

wtsapi32

WTSLogoffSession
WTSQueryUserToken
WTSCloseServer

msvcrt

malloc
_onexit
__dllonexit
_controlfp
__setusermatherr
_initterm
__wgetmainargs
_except_handler3
__set_app_type
__p__fmode
__p__commode
time
strncmp
fclose
fwrite
fseek
fopen
free
_wcmdln
_exit
_XcptFilter
exit
_adjust_fdiv

Sections

.text
Size: 32KB - Virtual size: 29KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 400KB - Virtual size: 399KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 224KB - Virtual size: 1.4MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 4KB - Virtual size: 44B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 28KB - Virtual size: 25KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

2bfd743fea37f0c974a93a9901bbfab3

Headers

File Characteristics

Imports

kernel32

advapi32

ole32

ws2_32

wtsapi32

msvcrt

Sections

.text Size: 32KB - Virtual size: 29KB

.rdata Size: 400KB - Virtual size: 399KB

.data Size: 224KB - Virtual size: 1.4MB

.tls Size: 4KB - Virtual size: 44B

.rsrc Size: 28KB - Virtual size: 25KB

.text
Size: 32KB - Virtual size: 29KB

.rdata
Size: 400KB - Virtual size: 399KB

.data
Size: 224KB - Virtual size: 1.4MB

.tls
Size: 4KB - Virtual size: 44B

.rsrc
Size: 28KB - Virtual size: 25KB