dd553c1f1007a3a1e95c9a085d4d145b_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

dd553c1f1007a3a1e95c9a085d4d145b_JaffaCakes118
Size

324KB
MD5

dd553c1f1007a3a1e95c9a085d4d145b
SHA1

673df2b5277e5f214043b91bf0738750f9216d50
SHA256

8622de7d04434825fe12f83252c409429b3dfec78c781cd756902c36931d0af2
SHA512

9627bc1275b2f85e370284622815fbfd69f30f6e22f9a8c81ca5944c4e49164ca2b0d73620fc3966fc1a68709269115ade1eb830ad4c0d5ad13ae00af189446d
SSDEEP

6144:niFiAHBDNAI+EczDDGgqX37WGbw+uqHb2NDFPaaSRaDqu5aHBUtIReFWdS:ni1xNAI23DKrWGbVuFDAau81y0WdS

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
dd553c1f1007a3a1e95c9a085d4d145b_JaffaCakes118

Files

dd553c1f1007a3a1e95c9a085d4d145b_JaffaCakes118
.exe windows:5 windows x86 arch:x86

8a67bb7f02eda1b71f82a774ccb72586

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

VirtualProtect
VirtualAlloc
LCMapStringA
FormatMessageA
lstrlenW
GetStringTypeW
GetTempFileNameW
lstrcmpiW
FreeLibrary
GetProcessHeap
lstrcpyA
GlobalAlloc
HeapFree
DeleteFileW
LoadLibraryW
CreateDirectoryW
GetSystemInfo
lstrcmpA
CreateFileA
WriteFile
VirtualFree
GetModuleHandleA
GetCPInfo
GetTempPathW
MultiByteToWideChar
GetStringTypeA
ExitProcess
GetTickCount
WideCharToMultiByte
LCMapStringW
CloseHandle
lstrcmpiA
GetVersionExA
HeapAlloc
HeapReAlloc
GetProcAddress
GetShortPathNameW
GetLocaleInfoA
lstrlenA
Sleep
GlobalFree
VirtualQuery

user32

wsprintfA

tapi32

lineGetDevCapsW
lineNegotiateAPIVersion
lineClose
lineInitializeExW
lineShutdown
lineOpen
lineGetID

setupapi

SetupCloseInfFile
SetupDiGetClassDevsW
SetupDiGetDeviceInstanceIdW
SetupDiOpenDevRegKey
SetupGetSourceInfoA
SetupDiEnumDeviceInfo
SetupDiDestroyDeviceInfoList
SetupOpenMasterInf
SetupDiCallClassInstaller
SetupPromptForDiskA
SetupDiSetClassInstallParamsA
SetupDiCreateDeviceInfoList
SetupGetSourceFileLocationA

ntdll

RtlUshortByteSwap
NtCreateDebugObject
NtAllocateVirtualMemory

ole32

CoUninitialize
CoInitializeEx
CoCreateInstance

advapi32

StartServiceA
QueryServiceStatus
OpenServiceA
CloseServiceHandle
RegEnumKeyA
OpenSCManagerA
RegQueryValueExA
RegOpenKeyExA
RegOpenKeyW
RegQueryValueExW
RegCloseKey
ChangeServiceConfigA
RegOpenKeyA
RegSetValueExA

Sections

.text
Size: 15KB - Virtual size: 15KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 294KB - Virtual size: 294KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rdata
Size: 9KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 3KB - Virtual size: 1.4MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

8a67bb7f02eda1b71f82a774ccb72586

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

tapi32

setupapi

ntdll

ole32

advapi32

Sections

.text Size: 15KB - Virtual size: 15KB

.rsrc Size: 294KB - Virtual size: 294KB

.rdata Size: 9KB - Virtual size: 9KB

.data Size: 3KB - Virtual size: 1.4MB

.tls Size: 512B - Virtual size: 4KB

.text
Size: 15KB - Virtual size: 15KB

.rsrc
Size: 294KB - Virtual size: 294KB

.rdata
Size: 9KB - Virtual size: 9KB

.data
Size: 3KB - Virtual size: 1.4MB

.tls
Size: 512B - Virtual size: 4KB