e9d5868ff2f6f15d168a94f0285ecd61_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

e9d5868ff2f6f15d168a94f0285ecd61_JaffaCakes118
Size

290KB
MD5

e9d5868ff2f6f15d168a94f0285ecd61
SHA1

cb35941f80fa1beefe860aed20fed157e9525d55
SHA256

9afc0918726f28fafe915a9366e5ad3a1b406c64401bf3b745123ca39da35a04
SHA512

f65d6ea138abbe3afd5718aa9ae1cf6b4ab20a230da670d662784c540538f1e72ff838a0ec32bca404096cdebe456ce265dca2728a0211739c25f920f95b1804
SSDEEP

6144:K71/Yk+J/tvpBZ9+RCszT+uNeq2oTbDkmXCKcf7wey:Kh8J/tvpD96zT+6eqNvXCKc0ey

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
e9d5868ff2f6f15d168a94f0285ecd61_JaffaCakes118

Files

e9d5868ff2f6f15d168a94f0285ecd61_JaffaCakes118
.exe windows:4 windows x86 arch:x86

f3ae9a9b67aaac043d5708975639d10d

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

advapi32

RegQueryInfoKeyW
GetUserNameA
CryptGenRandom
SetSecurityDescriptorOwner
RegCreateKeyW
RegisterEventSourceW
SetSecurityDescriptorGroup
OpenThreadToken
RegDeleteKeyA
GetSecurityDescriptorDacl
LsaQueryInformationPolicy
SetEntriesInAclW
RegNotifyChangeKeyValue
AddAce
QueryServiceConfigW
RegDeleteValueW
CryptGetHashParam
RegisterTraceGuidsW
RegDeleteKeyW
DuplicateTokenEx
ControlService
CryptAcquireContextW
GetSecurityDescriptorLength
OpenServiceW
CryptAcquireContextA
MakeSelfRelativeSD
EqualSid
LookupAccountSidW
RegCreateKeyA
GetUserNameW
GetTokenInformation
DeleteService
LsaFreeMemory
RegOpenKeyExA
GetSidLengthRequired
RegEnumValueW
RegEnumKeyW
CheckTokenMembership
UnlockServiceDatabase
RegSetValueExW
StartServiceW
OpenSCManagerA
ImpersonateLoggedOnUser
CryptCreateHash
GetTraceLoggerHandle
LookupPrivilegeValueA

kernel32

GetLastError
FlushFileBuffers
IsDebuggerPresent
CompareStringW
GetConsoleMode
GetVersion
lstrcpynW
ReleaseMutex
LoadLibraryExA
WaitForSingleObject
GetCurrentThreadId
GetEnvironmentStrings
CreateMutexA
GetExitCodeThread
ResumeThread
QueryPerformanceCounter
InterlockedIncrement
UnmapViewOfFile
FreeEnvironmentStringsW
VirtualQuery
GetSystemInfo
GetLocaleInfoA
GetCurrentProcess
GetTempPathA
OpenMutexA
GetModuleHandleW
lstrlenW
HeapFree
GetTickCount
HeapReAlloc
TlsGetValue
TerminateProcess
GetThreadLocale
GetFileSize
CreateDirectoryA
GetCommandLineW
GetStartupInfoA
GetSystemTime
DisableThreadLibraryCalls
InitializeCriticalSection
GetSystemDirectoryW
FormatMessageW
GetModuleHandleA
GetStdHandle
GetVersionExW
OpenEventW
CreateMutexW
SetErrorMode
GetCommandLineA
lstrcatA
Sleep
OpenMutexW
PurgeComm
GetFullPathNameW
GetSystemTimeAsFileTime
FindFirstFileW
GetModuleFileNameW
GetCurrentProcessId
SetLastError
VirtualAlloc
LoadResource
WideCharToMultiByte
FindResourceW
RtlUnwind
LCMapStringA
ExitProcess
GetFileAttributesA
VirtualFree
lstrcmpiA

msvcrt

_strdup
_finite
sprintf
_chsize
__setusermatherr
toupper
_rotl
wcsncmp
__pioinfo
_rotr
_tell
_local_unwind2
setlocale
fwrite
memmove
_wfopen
fopen
_cexit
_ftol
towlower
_c_exit
qsort
_adjust_fdiv
memset
__p__osver
rand
exit
??3@YAXPAX@Z
iswspace
_lock
srand
_ltoa
ceil
strncmp
_strlwr
_wcsnicmp
printf
_initterm
__p__iob
malloc
_ultow

Sections

.text
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.textbss
Size: - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

BSS
Size: - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.bss
Size: - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.bss
Size: - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

DATA
Size: - Virtual size: 220KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.textbss
Size: 275KB - Virtual size: 278KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 10KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

f3ae9a9b67aaac043d5708975639d10d

Headers

DLL Characteristics

File Characteristics

Imports

advapi32

kernel32

msvcrt

Sections

.text Size: 4KB - Virtual size: 4KB

.textbss Size: - Virtual size: 2KB

BSS Size: - Virtual size: 3KB

.bss Size: - Virtual size: 1KB

.bss Size: - Virtual size: 1KB

DATA Size: - Virtual size: 220KB

.textbss Size: 275KB - Virtual size: 278KB

.rsrc Size: 10KB - Virtual size: 10KB

.text
Size: 4KB - Virtual size: 4KB

.textbss
Size: - Virtual size: 2KB

BSS
Size: - Virtual size: 3KB

.bss
Size: - Virtual size: 1KB

.bss
Size: - Virtual size: 1KB

DATA
Size: - Virtual size: 220KB

.textbss
Size: 275KB - Virtual size: 278KB

.rsrc
Size: 10KB - Virtual size: 10KB