de90cc85db71abd17f17871adcc48e37_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

de90cc85db71abd17f17871adcc48e37_JaffaCakes118
Size

317KB
MD5

de90cc85db71abd17f17871adcc48e37
SHA1

12c8707d771c127976fa5e988121c4acf3ae0185
SHA256

2b0629f8bbb429514c77614c0774e418c0a02621d1e6e557b9d3997d2e39b8fa
SHA512

b864420d8a714eb5124f692e6003abd491310dcf2f635b33e43b16ea4018294b1869245ea55556f411373d143e62b238f81b95f0b8e89d0f2a6d42d748ae55ca
SSDEEP

6144:nkpOx7LCSMFgLCeHUlOzqdQTC8aZ5TQ5wV4eSEMgf/xigZk:9ExgLkloGQ18c5wVYvgZ

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
de90cc85db71abd17f17871adcc48e37_JaffaCakes118

Files

de90cc85db71abd17f17871adcc48e37_JaffaCakes118
.exe windows:5 windows x86 arch:x86

94171a9304408459490fb09c525b5699

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

ntdll

NtAllocateVirtualMemory
LdrGetDllHandle
RtlUshortByteSwap

kernel32

lstrcpyA
VirtualProtect
GetTempPathW
HeapReAlloc
GetShortPathNameW
lstrcmpA
lstrcmpiA
HeapAlloc
Sleep
HeapFree
LoadLibraryA
GetTickCount
GlobalAlloc
lstrlenA
GetProcAddress
VirtualAlloc
GetTempFileNameW
GlobalFree
CreateFileA
WriteFile
MultiByteToWideChar
CloseHandle
GetSystemInfo
GetLastError
LoadLibraryW
lstrlenW
GetCPInfo
lstrcmpiW
GetStringTypeA
ExitProcess
FreeLibrary
LCMapStringW
GetStringTypeW
GetLocaleInfoA
FormatMessageA
VirtualFree
LCMapStringA
CreateDirectoryW
DeleteFileW
VirtualQuery
GetProcessHeap
GetVersionExA

setupapi

SetupGetSourceInfoA
SetupDiGetDeviceInstanceIdW
SetupDiCallClassInstaller
SetupDiEnumDeviceInfo
SetupCloseInfFile
SetupGetSourceFileLocationA
SetupDiCreateDeviceInfoList
SetupPromptForDiskA
SetupDiDestroyDeviceInfoList
SetupDiGetClassDevsW
SetupDiSetClassInstallParamsA
SetupDiOpenDevRegKey
SetupOpenMasterInf

ole32

CoInitializeEx
CoCreateInstance
CoUninitialize

advapi32

RegCloseKey
OpenSCManagerA
RegOpenKeyA
RegQueryValueExW
RegSetValueExA
CloseServiceHandle
OpenServiceA
QueryServiceStatus
ChangeServiceConfigA
RegOpenKeyW
RegEnumKeyA
RegQueryValueExA
StartServiceA
RegOpenKeyExA

user32

wsprintfA

tapi32

lineClose
lineNegotiateAPIVersion
lineGetDevCapsW
lineInitializeExW
lineShutdown
lineGetID
lineOpen

Sections

.text
Size: 15KB - Virtual size: 15KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 287KB - Virtual size: 286KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rdata
Size: 9KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 3KB - Virtual size: 1.4MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

94171a9304408459490fb09c525b5699

Headers

DLL Characteristics

File Characteristics

Imports

ntdll

kernel32

setupapi

ole32

advapi32

user32

tapi32

Sections

.text Size: 15KB - Virtual size: 15KB

.rsrc Size: 287KB - Virtual size: 286KB

.rdata Size: 9KB - Virtual size: 9KB

.data Size: 3KB - Virtual size: 1.4MB

.tls Size: 512B - Virtual size: 4KB

.text
Size: 15KB - Virtual size: 15KB

.rsrc
Size: 287KB - Virtual size: 286KB

.rdata
Size: 9KB - Virtual size: 9KB

.data
Size: 3KB - Virtual size: 1.4MB

.tls
Size: 512B - Virtual size: 4KB