d44e7eb29ec13c330f911ed0533b1e66_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

d44e7eb29ec13c330f911ed0533b1e66_JaffaCakes118
Size

388KB
MD5

d44e7eb29ec13c330f911ed0533b1e66
SHA1

7b24995dfbee0556ef5441b891e119fde2b30c29
SHA256

6851bfc236377116a07209262abc39a42c552ea15a7efb448ac355de77c491c4
SHA512

bed92b3e732f60bef2e39fde3924f7dec630db70e779159c46f0205eec933e539ebbaa61898925e335aa0a42818b3d1cbf91ba1d5d4584e4f4989b8dfe594d40
SSDEEP

6144:FiVqiKPmFuSUaTR6lGWaYjacMzYbE9pZFI:MpuSHS1aqMzYI9

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
d44e7eb29ec13c330f911ed0533b1e66_JaffaCakes118

Files

d44e7eb29ec13c330f911ed0533b1e66_JaffaCakes118
.exe windows:4 windows x86 arch:x86

f8f809bb89547d36ef30f66e39f80273

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

CreateFileMappingA
CreateFileA
GetFileSize
GetProcAddress
LoadLibraryA
IsBadReadPtr
WriteFile
GetWindowsDirectoryA
lstrcatA
GetTempPathA
ExitProcess
GetVersionExA
LeaveCriticalSection
EnterCriticalSection
ReleaseSemaphore
FindClose
FindNextFileA
FreeLibrary
ReadFile
VirtualAlloc
SetFilePointer
CreateSemaphoreA
MapViewOfFile
GetEnvironmentVariableA
VirtualFree
DeleteCriticalSection
GetTickCount
LocalFree
FormatMessageA
HeapFree
HeapAlloc
GetProcessHeap
SetUnhandledExceptionFilter
FlushFileBuffers
SetFileTime
FileTimeToSystemTime
GetFileTime
GetCurrentProcess
SetEndOfFile
UnmapViewOfFile
WaitForSingleObject
GetSystemDirectoryA
ExpandEnvironmentStringsA
CopyFileA
GetModuleFileNameA
TerminateProcess
Sleep
CloseHandle
BeginUpdateResourceA
UpdateResourceA
EndUpdateResourceA
InitializeCriticalSection
GetLastError
GetStringTypeW
GetStringTypeA
SetStdHandle
GetFileType
GetStdHandle
SetHandleCount
GetEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsW
FreeEnvironmentStringsA
HeapReAlloc
HeapCreate
HeapDestroy
UnhandledExceptionFilter
SetLastError
TlsAlloc
GetCurrentThreadId
LCMapStringW
LCMapStringA
ResumeThread
CreateThread
TlsSetValue
TlsGetValue
ExitThread
RtlUnwind
GetModuleHandleA
GetStartupInfoA
GetCommandLineA
GetVersion
InterlockedDecrement
InterlockedIncrement
GetCPInfo
GetACP
GetOEMCP
WideCharToMultiByte
MultiByteToWideChar

advapi32

GetNamedSecurityInfoA
BuildExplicitAccessWithNameA
SetEntriesInAclA
SetNamedSecurityInfoA
OpenProcessToken
LookupPrivilegeValueA
AdjustTokenPrivileges
EnumDependentServicesA
ControlService
OpenSCManagerA
OpenServiceA
CloseServiceHandle
StartServiceA
QueryServiceStatusEx
RegCreateKeyA
RegDeleteValueA
RegCreateKeyExA
RegSetValueExA
RegCloseKey
GetTokenInformation

shell32

ShellExecuteA

wininet

InternetSetCookieA

version

GetFileVersionInfoA
VerQueryValueA
GetFileVersionInfoSizeA

Sections

.text
Size: 40KB - Virtual size: 38KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 8KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 16KB - Virtual size: 9.6MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 680B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

f8f809bb89547d36ef30f66e39f80273

Headers

File Characteristics

Imports

kernel32

advapi32

shell32

wininet

version

Sections

.text Size: 40KB - Virtual size: 38KB

.rdata Size: 8KB - Virtual size: 4KB

.data Size: 16KB - Virtual size: 9.6MB

.rsrc Size: 4KB - Virtual size: 680B

.text
Size: 40KB - Virtual size: 38KB

.rdata
Size: 8KB - Virtual size: 4KB

.data
Size: 16KB - Virtual size: 9.6MB

.rsrc
Size: 4KB - Virtual size: 680B