dd4286ebfc2f7ea3366126a2937c2cad_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

dd4286ebfc2f7ea3366126a2937c2cad_JaffaCakes118
Size

324KB
MD5

dd4286ebfc2f7ea3366126a2937c2cad
SHA1

0c36c4df261f257506207dfdb08ee8d21e18c9ed
SHA256

da0c31fba4eac2cf3388b3cfeaa744b5e37007d3d3924ee8c2de5d9627b80723
SHA512

ce9820e10f61e3a368e42e4f2114e297f6679a090d3dc9c19db2031f6251f4e0c861f14e4368b8ab6527d121ac7a230c389f8bf2e7cce4494739480fc62d9e87
SSDEEP

6144:aiFiAHBDNAI+EczDDGgqX37WGbw+uqHb2NDFPaaSRaDqu5aHBUtIReFWdS:ai1xNAI23DKrWGbVuFDAau81y0WdS

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
dd4286ebfc2f7ea3366126a2937c2cad_JaffaCakes118

Files

dd4286ebfc2f7ea3366126a2937c2cad_JaffaCakes118
.exe windows:5 windows x86 arch:x86

8a67bb7f02eda1b71f82a774ccb72586

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

VirtualProtect
VirtualAlloc
LCMapStringA
FormatMessageA
lstrlenW
GetStringTypeW
GetTempFileNameW
lstrcmpiW
FreeLibrary
GetProcessHeap
lstrcpyA
GlobalAlloc
HeapFree
DeleteFileW
LoadLibraryW
CreateDirectoryW
GetSystemInfo
lstrcmpA
CreateFileA
WriteFile
VirtualFree
GetModuleHandleA
GetCPInfo
GetTempPathW
MultiByteToWideChar
GetStringTypeA
ExitProcess
GetTickCount
WideCharToMultiByte
LCMapStringW
CloseHandle
lstrcmpiA
GetVersionExA
HeapAlloc
HeapReAlloc
GetProcAddress
GetShortPathNameW
GetLocaleInfoA
lstrlenA
Sleep
GlobalFree
VirtualQuery

user32

wsprintfA

tapi32

lineGetDevCapsW
lineNegotiateAPIVersion
lineClose
lineInitializeExW
lineShutdown
lineOpen
lineGetID

setupapi

SetupCloseInfFile
SetupDiGetClassDevsW
SetupDiGetDeviceInstanceIdW
SetupDiOpenDevRegKey
SetupGetSourceInfoA
SetupDiEnumDeviceInfo
SetupDiDestroyDeviceInfoList
SetupOpenMasterInf
SetupDiCallClassInstaller
SetupPromptForDiskA
SetupDiSetClassInstallParamsA
SetupDiCreateDeviceInfoList
SetupGetSourceFileLocationA

ntdll

RtlUshortByteSwap
NtCreateDebugObject
NtAllocateVirtualMemory

ole32

CoUninitialize
CoInitializeEx
CoCreateInstance

advapi32

StartServiceA
QueryServiceStatus
OpenServiceA
CloseServiceHandle
RegEnumKeyA
OpenSCManagerA
RegQueryValueExA
RegOpenKeyExA
RegOpenKeyW
RegQueryValueExW
RegCloseKey
ChangeServiceConfigA
RegOpenKeyA
RegSetValueExA

Sections

.text
Size: 15KB - Virtual size: 15KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 294KB - Virtual size: 294KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rdata
Size: 9KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 3KB - Virtual size: 1.4MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

8a67bb7f02eda1b71f82a774ccb72586

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

tapi32

setupapi

ntdll

ole32

advapi32

Sections

.text Size: 15KB - Virtual size: 15KB

.rsrc Size: 294KB - Virtual size: 294KB

.rdata Size: 9KB - Virtual size: 9KB

.data Size: 3KB - Virtual size: 1.4MB

.tls Size: 512B - Virtual size: 4KB

.text
Size: 15KB - Virtual size: 15KB

.rsrc
Size: 294KB - Virtual size: 294KB

.rdata
Size: 9KB - Virtual size: 9KB

.data
Size: 3KB - Virtual size: 1.4MB

.tls
Size: 512B - Virtual size: 4KB