Static task: static1
Behavioral task: behavioral1
Sample: db32ce7fe7441dff28653bf65952b116_JaffaCakes118.exe
Resource: win7-20240729-en
Behavioral task: behavioral2
Sample: db32ce7fe7441dff28653bf65952b116_JaffaCakes118.exe
Resource: win10v2004-20240802-en
General
Target: db32ce7fe7441dff28653bf65952b116_JaffaCakes118
Size: 76KB
MD5: db32ce7fe7441dff28653bf65952b116
SHA1: 0d79b757999549b7bd9de71475e4cbc4cc6778eb
SHA256: d5bec7f0fa7cd706628eb3c476ab9cf130628de148733574dc91427df0a5cd81
SHA512: c4657806fb1e8d2aeae800e3a88f486e3b6430efe39ddab348790f02aba5355cd462796647787c7827963e528e6d10bc37fa0761d941b962d7614cf9f8fa92dc
SSDEEP: 1536:+0qgVbX/GBy7b9fcnpdTrx1Z/jy+6IEoUz:+swg/unJjJ6IEoUz
Malware Config
Signatures
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource db32ce7fe7441dff28653bf65952b116_JaffaCakes118
Files
db32ce7fe7441dff28653bf65952b116_JaffaCakes118.exe windows:5 windows x86 arch:x86
4a93fcd9e2f2856c7119ce4cf9732ab4
Headers
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
Imports
netapi32
NetShareDel
NetShareCheck
NetShareAdd
NetShareEnum
NetApiBufferFree
atl
ord57
ord20
ord17
ord18
ord16
ord23
kernel32
GetLocalTime
GetLastError
DeviceIoControl
ConnectNamedPipe
CreateFileA
DisconnectNamedPipe
Sleep
ReadFile
CreateNamedPipeA
GetModuleFileNameA
lstrlenA
GetCommandLineA
lstrcmpiA
GetCurrentThreadId
CloseHandle
InterlockedDecrement
GetCurrentProcess
WriteFile
GetCurrentThread
LoadLibraryA
FlushFileBuffers
SetStdHandle
LCMapStringA
GetProcAddress
GetStringTypeW
GetStringTypeA
RtlUnwind
HeapFree
HeapAlloc
GetModuleHandleA
GetStartupInfoA
GetVersion
ExitProcess
TlsSetValue
TlsAlloc
SetLastError
TlsGetValue
EnterCriticalSection
LeaveCriticalSection
GetEnvironmentVariableA
GetVersionExA
HeapDestroy
HeapCreate
VirtualFree
VirtualAlloc
HeapReAlloc
IsBadWritePtr
InitializeCriticalSection
DeleteCriticalSection
TerminateProcess
HeapSize
UnhandledExceptionFilter
FreeEnvironmentStringsA
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStrings
GetEnvironmentStringsW
SetHandleCount
GetStdHandle
GetFileType
SetUnhandledExceptionFilter
IsBadReadPtr
IsBadCodePtr
SetFilePointer
InterlockedIncrement
MultiByteToWideChar
GetCPInfo
GetACP
GetOEMCP
LCMapStringW
user32
CharNextA
PostThreadMessageA
DispatchMessageA
LoadStringA
GetMessageA
advapi32
SetSecurityDescriptorOwner
GetTokenInformation
OpenThreadToken
OpenProcessToken
SetSecurityDescriptorGroup
GetLengthSid
CopySid
StartServiceA
InitializeSecurityDescriptor
SetSecurityDescriptorDacl
StartServiceCtrlDispatcherA
CreateServiceA
RegSetValueExA
RegCreateKeyExA
RegDeleteValueA
RegQueryValueExA
SetServiceStatus
RegisterServiceCtrlHandlerA
RegisterEventSourceA
ReportEventA
DeregisterEventSource
RegOpenKeyExA
RegCloseKey
RegDeleteKeyA
DeleteService
ControlService
OpenSCManagerA
OpenServiceA
QueryServiceStatus
CloseServiceHandle
ole32
CoInitializeSecurity
CoUninitialize
CoInitialize
Sections
.text Size: 44KB - Virtual size: 43KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 8KB - Virtual size: 5KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 12KB - Virtual size: 18KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 8KB - Virtual size: 4KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ