d297d5191fb6f02127d9c2cf8975b2c8_JaffaCakes118

General

Target

d297d5191fb6f02127d9c2cf8975b2c8_JaffaCakes118
Size

135KB
MD5

d297d5191fb6f02127d9c2cf8975b2c8
SHA1

bb7494a8a0ed7f5aab39572bd2073851bb4841f8
SHA256

357dd6239919f4749efe57b0bb5f942dadfc838cbfb13ba7cdf23920aae34a2b
SHA512

d9fdd8b56a981cc9dd595890ff2904cc53fe9a44efa3255ac6f9b351d893b360d3bfc224eaa1721e20e95f17c9e2c5034af55f5df41d93e550e3c23d72a721ed
SSDEEP

3072:mrOv8DAOCg0wNn0ZbeCP8IrahqkAuj0Sg:mrOU8OnqIwPrahqkAuj0

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
d297d5191fb6f02127d9c2cf8975b2c8_JaffaCakes118

Files

d297d5191fb6f02127d9c2cf8975b2c8_JaffaCakes118
.exe windows:4 windows x86 arch:x86

3ec15b6c8c84e6a14a703f7ec4efbc3f

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

Process32NextW
lstrcmpiW
Process32FirstW
CreateToolhelp32Snapshot
GlobalAlloc
GetCurrentProcess
GetFileAttributesW
GlobalFree
FreeResource
LoadResource
FindResourceW
lstrlenA
WriteFile
CreateFileW
CreateThread
ExitProcess
CreateMutexA
GetLastError
ReleaseMutex
CloseHandle
lstrcpyA
DeleteFileW
GetModuleFileNameA
lstrlenW
VirtualAllocEx
VirtualProtectEx
LoadLibraryW
GetProcAddress
lstrcatW
VirtualQueryEx

user32

LoadIconW
LoadCursorW
RegisterClassExW
CreateWindowExW
GetMessageW
TranslateMessage
DispatchMessageW
DefWindowProcW
FindWindowW
ShowWindow
SendMessageW
UpdateWindow

advapi32

RegSetValueExW
RegDeleteValueW
RegQueryValueExW
RegRestoreKeyW
AdjustTokenPrivileges
LookupPrivilegeValueW
OpenProcessToken
RegCreateKeyExW
CreateServiceW
CloseServiceHandle
OpenServiceW
OpenSCManagerW
StartServiceW
ChangeServiceConfigW
RegOpenKeyExW

msvcrt

fclose
fopen
strstr
strchr
memset
_except_handler3
memcpy
realloc
malloc
strlen
fseek
??2@YAPAXI@Z
fread
ftell

Sections

.text
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 124KB - Virtual size: 123KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

3ec15b6c8c84e6a14a703f7ec4efbc3f

Headers

File Characteristics

Imports

kernel32

user32

advapi32

msvcrt

Sections

.text Size: 6KB - Virtual size: 6KB

.rdata Size: 2KB - Virtual size: 1KB

.data Size: 1KB - Virtual size: 7KB

.rsrc Size: 124KB - Virtual size: 123KB

.text
Size: 6KB - Virtual size: 6KB

.rdata
Size: 2KB - Virtual size: 1KB

.data
Size: 1KB - Virtual size: 7KB

.rsrc
Size: 124KB - Virtual size: 123KB