Static task
static1
Behavioral task
behavioral1
Sample
cf4a6ae5fb63973eb82d3592bb1c53c7_JaffaCakes118.exe
Resource
win7-20240704-en
Behavioral task
behavioral2
Sample
cf4a6ae5fb63973eb82d3592bb1c53c7_JaffaCakes118.exe
Resource
win10v2004-20240802-en
General
Target
cf4a6ae5fb63973eb82d3592bb1c53c7_JaffaCakes118
Size
27KB
MD5
cf4a6ae5fb63973eb82d3592bb1c53c7
SHA1
74302fed9841e25e7d3e9f523b542921c2b6f5c4
SHA256
73688ccabf59b4e7ebdb58b195202bf7c54c977a8bf14344176927cf13b9c57e
SHA512
9f7f8e77d872141ba531f80681d8ddfe1bccfa17652ecd34f70e456a1edf6d040215eeb8f5a2b8447a1762c1074ff45bc7bd30e875257b89d690da596ec8e8a4
SSDEEP
384:8dIZNUTdlLE0RJOHKNyiZcagT7RPzt5trmEYtP1Y/k14IxAef0EV3A6qJhUmZsB0:7U7RJOHVoclpwRP1uXEVGJhUm/lZ4qT
Malware Config
Signatures
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource cf4a6ae5fb63973eb82d3592bb1c53c7_JaffaCakes118
Files
cf4a6ae5fb63973eb82d3592bb1c53c7_JaffaCakes118.exe windows:5 windows x86 arch:x86
d25c2a241b5575fe68e0ce39f4748e98
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
Imports
kernel32
FindFirstFileA
CreateDirectoryA
CopyFileA
MoveFileA
GetFileAttributesA
VirtualFree
VirtualAlloc
GetLocalTime
SetFilePointer
CreateFileA
HeapFree
HeapAlloc
GetProcessHeap
DeviceIoControl
lstrcmpA
GetVersionExA
GetVolumeInformationW
GetWindowsDirectoryW
GetProcAddress
GetModuleHandleA
QueryPerformanceCounter
GetTickCount
GetCurrentThreadId
GetSystemTimeAsFileTime
TerminateProcess
GetCurrentProcess
SetUnhandledExceptionFilter
SetFileAttributesA
DeleteFileA
MoveFileExA
FindNextFileA
FindClose
RemoveDirectoryA
WriteFile
GetStartupInfoA
CreateProcessA
WaitForSingleObject
GetExitCodeProcess
CloseHandle
GetCommandLineA
GetCommandLineW
GetModuleFileNameA
GetCurrentProcessId
GetWindowsDirectoryA
GetLastError
SetEnvironmentVariableA
GlobalFree
ntdll
qsort
strstr
NtQuerySystemInformation
vsprintf
memmove
strrchr
RtlUnicodeStringToAnsiString
wcscmp
RtlFreeAnsiString
_strcmpi
setupapi
SetupGetLineTextA
SetupOpenInfFileA
SetupCloseInfFile
shell32
CommandLineToArgvW
version
VerQueryValueA
GetFileVersionInfoA
GetFileVersionInfoSizeA
msvcrt
__getmainargs
_initterm
__setusermatherr
_adjust_fdiv
__p__commode
_acmdln
__set_app_type
_except_handler3
_controlfp
exit
_cexit
_XcptFilter
_exit
_c_exit
malloc
realloc
free
__p__fmode
advapi32
DeregisterEventSource
RegisterEventSourceA
RegSetValueExA
RegCloseKey
RegQueryValueExA
RegOpenKeyExA
FreeSid
SetFileSecurityA
SetFileSecurityW
SetSecurityDescriptorDacl
GetAclInformation
AddAce
InitializeSecurityDescriptor
InitializeAcl
AllocateAndInitializeSid
CopySid
GetLengthSid
ReportEventA
Sections
.text Size: 20KB - Virtual size: 19KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.data Size: 512B - Virtual size: 2KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 3KB - Virtual size: 3KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
XOR Size: 2KB - Virtual size: 2KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE