ce8ed93f86f3b81304ea746b770aa637_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

ce8ed93f86f3b81304ea746b770aa637_JaffaCakes118
Size

317KB
MD5

ce8ed93f86f3b81304ea746b770aa637
SHA1

7e23b7fadc1f2528a91fb0c370110f4cb2c0d0dc
SHA256

9071aa620447db9cf64c73c2c909ff29e601265b08ee528d63bdc5e49e401fbc
SHA512

ff5d1d3fb1a9843c791460fc4d6122ae863c52236fc72dd607c94df86ae432a13b31c4995cb56ab41802fddba5c149d46da9f26f1e1b1f7b86a6398c464b5e77
SSDEEP

6144:YDQ+S3y/swqM2x+nTxjMu09k3pxJnO5Lr253YculJxfFN6n8v0irU:e6y/tqfx+nTxgkZ78L653G9FN/V

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
ce8ed93f86f3b81304ea746b770aa637_JaffaCakes118

Files

ce8ed93f86f3b81304ea746b770aa637_JaffaCakes118
.exe windows:5 windows x86 arch:x86

ff189709716c4399ac45878bc994519e

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

ole32

CoUninitialize
CoCreateInstance
CoInitializeEx

advapi32

RegCloseKey
RegOpenKeyA
OpenSCManagerA
StartServiceA
RegQueryValueExW
RegSetValueExA
OpenServiceA
RegOpenKeyW
QueryServiceStatus
ChangeServiceConfigA
RegEnumKeyA
RegOpenKeyExA
CloseServiceHandle
RegQueryValueExA

tapi32

lineOpen
lineGetDevCapsW
lineInitializeExW
lineGetID
lineNegotiateAPIVersion
lineShutdown
lineClose

user32

wsprintfA

setupapi

SetupGetSourceInfoA
SetupPromptForDiskA
SetupDiCallClassInstaller
SetupDiOpenDevRegKey
SetupDiCreateDeviceInfoList
SetupDiGetClassDevsW
SetupGetSourceFileLocationA
SetupDiGetDeviceInstanceIdW
SetupDiEnumDeviceInfo
SetupDiSetClassInstallParamsA
SetupOpenMasterInf
SetupDiDestroyDeviceInfoList
SetupCloseInfFile

kernel32

GlobalFree
Sleep
VirtualFree
GetModuleHandleA
GetStringTypeA
GetTickCount
GetTempFileNameW
VirtualAlloc
lstrlenA
GetCPInfo
lstrcpyA
GetLocaleInfoA
lstrcmpiW
WriteFile
LoadLibraryW
LCMapStringW
HeapFree
FormatMessageA
VirtualProtect
LoadLibraryA
GetProcAddress
GetProcessHeap
GetShortPathNameW
GetLastError
MultiByteToWideChar
lstrcmpiA
CreateFileA
GetVersionExA
GetSystemInfo
GetStringTypeW
DeleteFileW
GetTempPathW
lstrcmpA
CreateDirectoryW
LCMapStringA
ExitProcess
WideCharToMultiByte
FreeLibrary
lstrlenW
VirtualQuery
HeapAlloc
CloseHandle

ntdll

NtAllocateVirtualMemory
RtlUshortByteSwap
LdrGetDllHandle

Sections

.text
Size: 15KB - Virtual size: 15KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 287KB - Virtual size: 286KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rdata
Size: 9KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 3KB - Virtual size: 1.4MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

ff189709716c4399ac45878bc994519e

Headers

DLL Characteristics

File Characteristics

Imports

ole32

advapi32

tapi32

user32

setupapi

kernel32

ntdll

Sections

.text Size: 15KB - Virtual size: 15KB

.rsrc Size: 287KB - Virtual size: 286KB

.rdata Size: 9KB - Virtual size: 9KB

.data Size: 3KB - Virtual size: 1.4MB

.tls Size: 512B - Virtual size: 4KB

.text
Size: 15KB - Virtual size: 15KB

.rsrc
Size: 287KB - Virtual size: 286KB

.rdata
Size: 9KB - Virtual size: 9KB

.data
Size: 3KB - Virtual size: 1.4MB

.tls
Size: 512B - Virtual size: 4KB