Static task
static1
Behavioral task
behavioral1
Sample
d0255a0b4e468f709c8a8673a1d49035_JaffaCakes118.exe
Resource
win7-20240729-en
Behavioral task
behavioral2
Sample
d0255a0b4e468f709c8a8673a1d49035_JaffaCakes118.exe
Resource
win10v2004-20240802-en
General
Target
d0255a0b4e468f709c8a8673a1d49035_JaffaCakes118
Size
284KB
MD5
d0255a0b4e468f709c8a8673a1d49035
SHA1
2976712f82b93600921811f59f7cbea17a7a9601
SHA256
2cf948d90f2971e902a2294ae324a23ae1556644ed9ecd463bda41d6f9a7c2db
SHA512
00f93ffbf2ae10c4dfdf74ccc1771b539e0246215cd2805afaf7122eb644bb07a0cf7846dadcd93a7ca361d02f815f0ccbfbceb86fe045e122fac51c85ed6047
SSDEEP
3072:tXbmAgiyC6T8fGJKTtSBKVEHRuoj3Y1BywfD4uwStjAjTUKITcFUeCfx6CZMxqCo:36YLcBKiYfDRwStjgQLc6eBSqSOXoqQ
Malware Config
Signatures
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource d0255a0b4e468f709c8a8673a1d49035_JaffaCakes118
Files
d0255a0b4e468f709c8a8673a1d49035_JaffaCakes118.exe windows:4 windows x86 arch:x86
7b7c40c931b86f209c072091305ed137
Headers
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
Imports
kernel32
CreateFileMappingA
CreateFileA
GetFileSize
GetProcAddress
LoadLibraryA
IsBadReadPtr
WriteFile
GetWindowsDirectoryA
lstrcatA
GetTempPathA
ExitProcess
GetVersionExA
LeaveCriticalSection
EnterCriticalSection
ReleaseSemaphore
FindClose
FindNextFileA
FreeLibrary
ReadFile
VirtualAlloc
SetFilePointer
MapViewOfFile
InitializeCriticalSection
VirtualFree
DeleteCriticalSection
GetTickCount
LocalFree
FormatMessageA
HeapFree
HeapAlloc
GetProcessHeap
SetUnhandledExceptionFilter
FlushFileBuffers
SetFileTime
FileTimeToSystemTime
GetFileTime
GetCurrentProcess
SetEndOfFile
UnmapViewOfFile
WaitForSingleObject
GetSystemDirectoryA
ExpandEnvironmentStringsA
CopyFileA
GetModuleFileNameA
OpenProcess
TerminateProcess
Sleep
Process32Next
CreateToolhelp32Snapshot
CloseHandle
BeginUpdateResourceA
UpdateResourceA
EndUpdateResourceA
CreateSemaphoreA
GetLastError
GetStringTypeW
GetStringTypeA
SetStdHandle
GetFileType
GetStdHandle
SetHandleCount
GetEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsW
FreeEnvironmentStringsA
HeapReAlloc
HeapCreate
HeapDestroy
GetEnvironmentVariableA
ResumeThread
CreateThread
TlsSetValue
TlsGetValue
ExitThread
RtlUnwind
GetModuleHandleA
GetStartupInfoA
GetCommandLineA
GetVersion
InterlockedDecrement
InterlockedIncrement
GetCPInfo
GetACP
GetOEMCP
WideCharToMultiByte
MultiByteToWideChar
LCMapStringA
LCMapStringW
GetCurrentThreadId
TlsAlloc
SetLastError
UnhandledExceptionFilter
advapi32
GetNamedSecurityInfoA
BuildExplicitAccessWithNameA
SetEntriesInAclA
SetNamedSecurityInfoA
OpenProcessToken
LookupPrivilegeValueA
AdjustTokenPrivileges
EnumDependentServicesA
ControlService
OpenSCManagerA
OpenServiceA
CloseServiceHandle
StartServiceA
QueryServiceStatusEx
RegCreateKeyA
RegDeleteValueA
RegCreateKeyExA
RegSetValueExA
RegCloseKey
GetTokenInformation
shell32
ShellExecuteA
version
VerQueryValueA
GetFileVersionInfoSizeA
GetFileVersionInfoA
Sections
.text Size: 40KB - Virtual size: 38KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 8KB - Virtual size: 4KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 16KB - Virtual size: 20KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 4KB - Virtual size: 680B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ