e27438c0d47f3689b3e8d456a911738d_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

e27438c0d47f3689b3e8d456a911738d_JaffaCakes118
Size

88KB
MD5

e27438c0d47f3689b3e8d456a911738d
SHA1

e4961cba92b1344af8bd8947274e42f24d6bf023
SHA256

bc4e2778d513eab6e4eee3c37dc4c648d427ee8d0358d8d3fce87816242ab567
SHA512

511b1824f415144a013a7f974cd27ca6e557951c9a7133e5749ff5be4aff436cc433f9e4c2940f481d432299bb5d57cdc317ead47bbc464f3f5e8ce3ddc52eb8
SSDEEP

1536:B6N6ofh8+fxbHl6B8/TbBIwYdgkinlo8D+hfU/DGdjZri:o58+xHAaXYdgk8lFgc/iTi

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
e27438c0d47f3689b3e8d456a911738d_JaffaCakes118

Files

e27438c0d47f3689b3e8d456a911738d_JaffaCakes118
.exe windows:4 windows x86 arch:x86

d5b2ab0d27e0db63ed40ff8fd0479a8a

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetModuleFileNameA
GetVersionExA
OutputDebugStringA
SetStdHandle
FlushFileBuffers
LoadLibraryA
GetProcAddress
SetFilePointer
OpenFile
GetStringTypeW
GetStringTypeA
LCMapStringW
LCMapStringA
MultiByteToWideChar
TlsGetValue
SetLastError
TlsAlloc
TlsSetValue
GetFileType
GetStdHandle
EnterCriticalSection
LeaveCriticalSection
ProcessIdToSessionId
GetCurrentProcess
CreateToolhelp32Snapshot
Process32First
Process32Next
GetLastError
OpenProcess
CreateFileA
WriteFile
CloseHandle
Sleep
GetExitCodeProcess
CreateThread
lstrlenA
InterlockedDecrement
GetCurrentThreadId
InterlockedIncrement
SetHandleCount
GetEnvironmentStringsW
GetEnvironmentStrings
WideCharToMultiByte
FreeEnvironmentStringsW
FreeEnvironmentStringsA
UnhandledExceptionFilter
TerminateProcess
GetOEMCP
HeapFree
HeapReAlloc
HeapAlloc
GetFileAttributesA
GetModuleHandleA
GetStartupInfoA
GetCommandLineA
GetVersion
ExitProcess
GetEnvironmentVariableA
HeapDestroy
HeapCreate
VirtualFree
VirtualAlloc
InitializeCriticalSection
DeleteCriticalSection
RtlUnwind
GetCPInfo
GetACP

user32

LoadStringA
CharLowerA

advapi32

RegisterServiceCtrlHandlerA
SetServiceStatus
StartServiceCtrlDispatcherA
RegisterEventSourceA
ReportEventA
DeleteService
CreateServiceA
RegCreateKeyA
RegSetValueExA
RegCloseKey
OpenSCManagerA
OpenServiceA
CloseServiceHandle
DeregisterEventSource
LookupPrivilegeValueA
AdjustTokenPrivileges
SetTokenInformation
OpenProcessToken
DuplicateTokenEx
CreateProcessAsUserA

userenv

CreateEnvironmentBlock
DestroyEnvironmentBlock

wtsapi32

WTSQuerySessionInformationA
WTSEnumerateSessionsA
WTSFreeMemory

Sections

.text
Size: 40KB - Virtual size: 37KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 8KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 16KB - Virtual size: 19KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 20KB - Virtual size: 19KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

d5b2ab0d27e0db63ed40ff8fd0479a8a

Headers

File Characteristics

Imports

kernel32

user32

advapi32

userenv

wtsapi32

Sections

.text Size: 40KB - Virtual size: 37KB

.rdata Size: 8KB - Virtual size: 4KB

.data Size: 16KB - Virtual size: 19KB

.rsrc Size: 20KB - Virtual size: 19KB

.text
Size: 40KB - Virtual size: 37KB

.rdata
Size: 8KB - Virtual size: 4KB

.data
Size: 16KB - Virtual size: 19KB

.rsrc
Size: 20KB - Virtual size: 19KB