Static task: static1
Behavioral task: behavioral1
Sample: e8911f64ea3136f4482fd69635616ddb_JaffaCakes118.exe
Resource: win7-20240903-en
Behavioral task: behavioral2
Sample: e8911f64ea3136f4482fd69635616ddb_JaffaCakes118.exe
Resource: win10v2004-20240802-en
General
Target: e8911f64ea3136f4482fd69635616ddb_JaffaCakes118
Size: 264KB
MD5: e8911f64ea3136f4482fd69635616ddb
SHA1: 021a113840bb7977683838109fc5b9e56f93ffa1
SHA256: 6877f0d8fcb78277b4e8fe0aa909ac6df3aa65fde6f2989d65f4d69cdb1c0e47
SHA512: 5237bb8aebf38383d9f766aca53a4206381d9f11d7dc6bbd7f714210c9b290f53a5d29ef6a7e9ea3ce78788ebce79e359765f6b8420ae1b17f68efe10908fbda
SSDEEP: 6144:kL+Yp0kqBM6b/u2dxdbdOoiK0CetMK5JP9Zw1suQ9yTKRW8L/:8lL6SMX4Cov59fd9t48
Malware Config
Signatures
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource e8911f64ea3136f4482fd69635616ddb_JaffaCakes118
Files
e8911f64ea3136f4482fd69635616ddb_JaffaCakes118.exe windows:4 windows x86 arch:x86
831e46581b5fc02c7ba0c4bf483c3166
Headers
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
kernel32
SetStdHandle
TerminateProcess
WriteConsoleA
GetConsoleOutputCP
HeapFree
GetTickCount
IsDebuggerPresent
VirtualAlloc
SetFilePointer
HeapReAlloc
GetOEMCP
HeapDestroy
IsValidCodePage
HeapSize
GetStringTypeW
GetLocaleInfoA
CompareStringW
GetSystemTimeAsFileTime
LeaveCriticalSection
GetDateFormatA
UnhandledExceptionFilter
GetACP
GetCurrentProcess
RtlUnwind
LCMapStringW
GetTimeZoneInformation
InitializeCriticalSection
EnumResourceTypesA
SetEnvironmentVariableA
MultiByteToWideChar
LoadLibraryA
CreateMailslotW
RaiseException
GetCPInfo
QueryPerformanceCounter
WriteFile
FreeLibrary
ReadFile
EnterCriticalSection
GetCurrentProcessId
VirtualFree
LCMapStringA
GetTimeFormatA
HeapCreate
SetUnhandledExceptionFilter
CompareStringA
SetEndOfFile
GetStringTypeA
iphlpapi
GetIpAddrTable
advapi32
SetEntriesInAclA
RegDeleteValueW
OpenSCManagerW
RegRestoreKeyW
DeleteService
SetEntriesInAclW
ChangeServiceConfigW
LookupAccountSidW
ChangeServiceConfig2W
QueryServiceStatus
FreeInheritedFromArray
SetSecurityDescriptorDacl
GetSecurityDescriptorControl
AllocateAndInitializeSid
QueryServiceLockStatusW
EqualSid
EnumDependentServicesW
RegGetKeySecurity
RegQueryValueExW
GetTokenInformation
GetInheritanceSourceW
StartServiceA
RegSetValueExW
AddAce
ControlService
IsValidSecurityDescriptor
LookupPrivilegeNameA
LookupPrivilegeValueA
LookupPrivilegeDisplayNameA
SetNamedSecurityInfoW
GetAce
OpenServiceW
CloseServiceHandle
CreateServiceW
InitializeAcl
QueryServiceConfigW
AdjustTokenPrivileges
SetSecurityInfo
LockServiceDatabase
FreeSid
UnlockServiceDatabase
RegEnumKeyExW
GetAclInformation
GetNamedSecurityInfoW
InitializeSecurityDescriptor
IsValidAcl
RegCloseKey
RegOpenKeyExW
GetSecurityInfo
OpenProcessToken
RegCreateKeyExW
RegSaveKeyW
RegDeleteKeyW
RegEnumValueW
oleacc
LresultFromObject
AccessibleObjectFromPoint
Sections
.text Size: 57KB - Virtual size: 57KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 3KB - Virtual size: 146KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 202KB - Virtual size: 202KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 512B - Virtual size: 4KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ