Static task
static1
Behavioral task
behavioral1
Sample
de2a5f78eb64b40b5b4b8f07903bfb3b_JaffaCakes118.exe
Resource
win7-20240903-en
Behavioral task
behavioral2
Sample
de2a5f78eb64b40b5b4b8f07903bfb3b_JaffaCakes118.exe
Resource
win10v2004-20240802-en
General
Target
de2a5f78eb64b40b5b4b8f07903bfb3b_JaffaCakes118
Size
264KB
MD5
de2a5f78eb64b40b5b4b8f07903bfb3b
SHA1
87908eb1869189628e85995ce04979fa4a436097
SHA256
d6ee1c74f1ce926be7a11f020eccf78ec0545ef0f575bbb102978bb07d2312a5
SHA512
f6060e837887d5b42491db691be1a231c6492585fdd8f3830b4da49ec5db529ab51c1fdd61402af5ec0a918a6bcd7ba6dc56a3f5cce7eec84ecc1968e218020c
SSDEEP
6144:+wvFJeoT5KjIfWvm+yYcM5w+0lbrzJ9KjGWiPFedLwm1V:9TgjJvm+xw+sbBMNiGsO
Malware Config
Signatures
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource de2a5f78eb64b40b5b4b8f07903bfb3b_JaffaCakes118
Files
de2a5f78eb64b40b5b4b8f07903bfb3b_JaffaCakes118.exe windows:4 windows x86 arch:x86
f9eaa99c88d05956098b2d6ce0b6695f
Headers
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
kernel32
WriteFile
GetOEMCP
HeapFree
UnhandledExceptionFilter
TerminateProcess
ReadFile
IsValidCodePage
EnterCriticalSection
CompareStringW
HeapCreate
IsDebuggerPresent
HeapSize
GetCPInfo
RtlUnwind
GetConsoleOutputCP
RaiseException
HeapDestroy
VirtualAlloc
LCMapStringA
GetACP
CompareStringA
WriteConsoleA
EnumResourceTypesA
HeapReAlloc
SetUnhandledExceptionFilter
SetEndOfFile
MultiByteToWideChar
LeaveCriticalSection
GetSystemTimeAsFileTime
GetTimeFormatA
GetDateFormatA
SetFilePointer
GetCurrentProcess
VirtualFree
FreeLibrary
LoadLibraryA
CreateMailslotW
GetStringTypeW
GetCurrentProcessId
SetStdHandle
QueryPerformanceCounter
GetTimeZoneInformation
GetTickCount
GetLocaleInfoA
InitializeCriticalSection
LCMapStringW
SetEnvironmentVariableA
GetStringTypeA
advapi32
RegSaveKeyW
GetTokenInformation
LockServiceDatabase
InitializeAcl
SetEntriesInAclA
FreeSid
ChangeServiceConfigW
GetNamedSecurityInfoW
SetSecurityDescriptorDacl
OpenSCManagerW
EnumDependentServicesW
RegOpenKeyExW
StartServiceA
LookupPrivilegeValueA
SetEntriesInAclW
LookupAccountSidW
DeleteService
RegGetKeySecurity
GetAce
GetSecurityInfo
GetSecurityDescriptorControl
IsValidSecurityDescriptor
RegEnumKeyExW
SetSecurityInfo
CreateServiceW
QueryServiceLockStatusW
AddAce
SetNamedSecurityInfoW
LookupPrivilegeDisplayNameA
OpenServiceW
RegDeleteValueW
LookupPrivilegeNameA
FreeInheritedFromArray
RegQueryValueExW
UnlockServiceDatabase
GetInheritanceSourceW
RegRestoreKeyW
RegDeleteKeyW
InitializeSecurityDescriptor
AllocateAndInitializeSid
RegCloseKey
QueryServiceStatus
AdjustTokenPrivileges
ControlService
QueryServiceConfigW
IsValidAcl
RegSetValueExW
OpenProcessToken
EqualSid
RegCreateKeyExW
CloseServiceHandle
ChangeServiceConfig2W
GetAclInformation
RegEnumValueW
oleacc
LresultFromObject
AccessibleObjectFromPoint
iphlpapi
GetIpAddrTable
Sections
.text Size: 57KB - Virtual size: 57KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 3KB - Virtual size: 146KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 202KB - Virtual size: 202KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 512B - Virtual size: 4KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ