d4864479c923e07529fa25ff2f4d0036_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

d4864479c923e07529fa25ff2f4d0036_JaffaCakes118
Size

57KB
MD5

d4864479c923e07529fa25ff2f4d0036
SHA1

707a3f3d25e3f145a7252e98e0eb402514d21141
SHA256

85cd30fbf5e56bb7482fee6006711144cd8e98ca6b297326acdb8f11214f3430
SHA512

5af62b99787c4e8f9589941b2345886112a490fb25c649adc5c4e047c52c314bb6c72960bab1d05f701c5621835f36554eab5e989059c47f47c11deb10d85c94
SSDEEP

1536:kONhiu6uGw2xBfnmK7Qnau7lhO6kk1qYIxHaWV:XGwg9mK7+flM6kkYYYH3

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
d4864479c923e07529fa25ff2f4d0036_JaffaCakes118

Files

d4864479c923e07529fa25ff2f4d0036_JaffaCakes118
.exe windows:4 windows x86 arch:x86

72fe2c2d5ec33a5cd1acb038c4ce47b1

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

advapi32

ChangeServiceConfigA
CloseServiceHandle
CreateServiceA
GetSecurityDescriptorControl
GetUserNameA
LookupPrivilegeValueA
OpenServiceA
QueryServiceStatus
RegCreateKeyExA
RegFlushKey
UnlockServiceDatabase

kernel32

CloseHandle
CompareStringA
CopyFileA
CreateDirectoryA
CreateThread
CreateToolhelp32Snapshot
DeleteFileA
DeviceIoControl
EnumSystemLocalesA
ExitProcess
ExitThread
FileTimeToLocalFileTime
FindClose
FindNextFileA
FindResourceA
GetCPInfo
GetCurrentProcess
GetCurrentThread
GetCurrentThreadId
GetExitCodeProcess
GetModuleFileNameA
GetModuleHandleA
GetOEMCP
GetPrivateProfileSectionA
GetPrivateProfileSectionNamesA
GetPrivateProfileStructA
GetProcAddress
GetShortPathNameA
GetStartupInfoA
GetSystemInfo
GetSystemTimeAsFileTime
GetTempFileNameA
GetThreadLocale
GetThreadTimes
GetTickCount
GetVersion
GlobalAlloc
GlobalFree
GlobalLock
GlobalUnlock
HeapCreate
HeapDestroy
HeapFree
InitializeCriticalSection
InterlockedDecrement
InterlockedExchange
IsBadReadPtr
IsBadWritePtr
IsValidLocale
LeaveCriticalSection
LoadLibraryA
LocalAlloc
LocalFree
Module32First
Module32Next
OpenProcess
ReadFile
ResumeThread
SetEvent
SetFileAttributesA
SetFileTime
SetLastError
SetPriorityClass
SizeofResource
Sleep
SystemTimeToFileTime
UnhandledExceptionFilter
VirtualQuery
WaitForSingleObject
WideCharToMultiByte
lstrcmpiA
lstrcpynA

user32

CharLowerA
CopyRect
DestroyMenu
DialogBoxParamA
DrawTextA
FindWindowA
GetActiveWindow
GetAsyncKeyState
GetCapture
GetDlgItem
GetDlgItemTextA
GetFocus
GetMessageA
GetSystemMenu
GetSystemMetrics
GetWindowLongA
IsWindowVisible
LoadCursorA
MessageBoxA
RegisterClassA
RegisterClipboardFormatA
RegisterWindowMessageA
SetCapture
SetDlgItemInt
SetFocus
SetMenu
SetTimer
TrackPopupMenu
UnhookWindowsHookEx
WinHelpA

version

GetFileVersionInfoA
GetFileVersionInfoSizeA
VerQueryValueA

Sections

.text
Size: 23KB - Virtual size: 24KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.INIT
Size: 13KB - Virtual size: 24KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.idata
Size: 3KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.edata
Size: 15KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

72fe2c2d5ec33a5cd1acb038c4ce47b1

Headers

File Characteristics

Imports

advapi32

kernel32

user32

version

Sections

.text Size: 23KB - Virtual size: 24KB

.INIT Size: 13KB - Virtual size: 24KB

.data Size: 512B - Virtual size: 4KB

.rdata Size: 512B - Virtual size: 4KB

.idata Size: 3KB - Virtual size: 4KB

.edata Size: 15KB - Virtual size: 16KB

.text
Size: 23KB - Virtual size: 24KB

.INIT
Size: 13KB - Virtual size: 24KB

.data
Size: 512B - Virtual size: 4KB

.rdata
Size: 512B - Virtual size: 4KB

.idata
Size: 3KB - Virtual size: 4KB

.edata
Size: 15KB - Virtual size: 16KB