eb0bfb7c704bf3520cccbe0b6194bd5c_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

eb0bfb7c704bf3520cccbe0b6194bd5c_JaffaCakes118
Size

464KB
MD5

eb0bfb7c704bf3520cccbe0b6194bd5c
SHA1

e56ee8235d11127f3f73cae02f6b899c5203b54a
SHA256

0463baf4731ba103a39418b97cc3e86b786b1b82c35c80c279dd677ed04b8171
SHA512

8d627cd89db839e633117ed52c3ed789b60b0f186b79be636156510d3a952a8230caa24b4800c7ac39d4de80c16f05f2e69572a43ab325e78bbc814f15514720
SSDEEP

12288:JFVhNmnOFJA3idTnhTsUc3vnNy+zIsVAOhXe:JFDNmnOFJAGYND2

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
eb0bfb7c704bf3520cccbe0b6194bd5c_JaffaCakes118

Files

eb0bfb7c704bf3520cccbe0b6194bd5c_JaffaCakes118
.exe windows:4 windows x86 arch:x86

469ab548039f06470c63b7168db2dc60

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

lstrcatA
lstrcpynA
lstrlenA
lstrcmpiA
GetLastError
WinExec
GetModuleHandleA
OpenProcess
TerminateProcess
MoveFileExA
GetVersion
WritePrivateProfileStringA
DeviceIoControl
GetSystemDirectoryA
WriteFile
GetCurrentProcess
DeleteFileA
CreateFileA
LoadLibraryA
CloseHandle
GetVersionExA
GetModuleFileNameA
LoadLibraryExA
FreeLibrary
GetProcAddress
GlobalAlloc
GetTempPathA
GetSystemDefaultLangID
GlobalFree
HeapFree
LCMapStringA
IsBadWritePtr
LCMapStringW
SetUnhandledExceptionFilter
HeapReAlloc
VirtualAlloc
IsBadCodePtr
IsBadReadPtr
GetStringTypeA
RtlUnwind
GetStartupInfoA
GetCommandLineA
ExitProcess
GetCPInfo
GetACP
GetOEMCP
WideCharToMultiByte
MultiByteToWideChar
GetStringTypeW
VirtualFree
GetEnvironmentStringsW
HeapAlloc
UnhandledExceptionFilter
FreeEnvironmentStringsA
FreeEnvironmentStringsW
GetEnvironmentStrings
SetHandleCount
GetStdHandle
GetFileType
HeapDestroy
HeapCreate

user32

MessageBoxA
wsprintfA
ExitWindowsEx

advapi32

OpenSCManagerA
RegDeleteKeyA
RegDeleteValueA
CreateServiceA
CloseServiceHandle
RegCloseKey
StartServiceA
ControlService
OpenServiceA
OpenProcessToken
LookupPrivilegeValueA
DeleteService
RegEnumValueA
RegSetValueExA
AdjustTokenPrivileges
RegCreateKeyExA
RegOpenKeyExA

version

GetFileVersionInfoSizeA
GetFileVersionInfoA
VerQueryValueA

shlwapi

SHDeleteKeyA

Sections

.text
Size: 24KB - Virtual size: 21KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 428KB - Virtual size: 429KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 928B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

469ab548039f06470c63b7168db2dc60

Headers

File Characteristics

Imports

kernel32

user32

advapi32

version

shlwapi

Sections

.text Size: 24KB - Virtual size: 21KB

.rdata Size: 4KB - Virtual size: 3KB

.data Size: 428KB - Virtual size: 429KB

.rsrc Size: 4KB - Virtual size: 928B

.text
Size: 24KB - Virtual size: 21KB

.rdata
Size: 4KB - Virtual size: 3KB

.data
Size: 428KB - Virtual size: 429KB

.rsrc
Size: 4KB - Virtual size: 928B