ee81e5d5e471da2c8cbef6aefe3e840c_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

ee81e5d5e471da2c8cbef6aefe3e840c_JaffaCakes118
Size

37KB
MD5

ee81e5d5e471da2c8cbef6aefe3e840c
SHA1

1a05a45543504e76cfd29757808e685876579ddb
SHA256

57f011f121613075bd5acb9f5b998727f5b1cad8315890549ceb6df9227d9500
SHA512

e7aa154e958ebc7614062d5ce01ad4ac894ce76a656be8a1c3ed277b06a8d460c28a134330d9d643de68e8d7ce0e52aaf9732d8e6473d3820ccbc9fb1c316000
SSDEEP

768:nUbRJOHVFsKXuOktVFujtyEV3JhUmDP3LC/pkagWrMMcA2:nUbRJ2sdOktVFYlJOmDzC/pkagtA2

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
ee81e5d5e471da2c8cbef6aefe3e840c_JaffaCakes118

Files

ee81e5d5e471da2c8cbef6aefe3e840c_JaffaCakes118
.exe windows:5 windows x86 arch:x86

f09559ac92037c3f9af50f43436bca13

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

FindFirstFileA
CreateDirectoryA
CopyFileA
MoveFileA
GetFileAttributesA
VirtualFree
VirtualAlloc
GetLocalTime
SetFilePointer
CreateFileA
HeapFree
HeapAlloc
GetProcessHeap
DeviceIoControl
lstrcmpA
GetVersionExA
GetVolumeInformationW
GetWindowsDirectoryW
GetProcAddress
GetModuleHandleA
QueryPerformanceCounter
GetTickCount
GetCurrentThreadId
GetSystemTimeAsFileTime
TerminateProcess
GetCurrentProcess
SetUnhandledExceptionFilter
SetFileAttributesA
DeleteFileA
MoveFileExA
FindNextFileA
FindClose
RemoveDirectoryA
WriteFile
CreateProcessA
GetStartupInfoA
WaitForSingleObject
GetExitCodeProcess
CloseHandle
GetCommandLineA
GetCommandLineW
GetModuleFileNameA
GetCurrentProcessId
GetWindowsDirectoryA
GetLastError
SetEnvironmentVariableA
GlobalFree

ntdll

qsort
strstr
NtQuerySystemInformation
vsprintf
memmove
_wcsicmp
strrchr
RtlUnicodeStringToAnsiString
wcscmp
RtlFreeAnsiString
_strcmpi

setupapi

SetupGetLineTextA
SetupOpenInfFileA
SetupCloseInfFile

shell32

CommandLineToArgvW

version

VerQueryValueA
GetFileVersionInfoA
GetFileVersionInfoSizeA

msvcrt

_acmdln
__getmainargs
_initterm
__setusermatherr
_adjust_fdiv
exit
__p__fmode
__set_app_type
_except_handler3
_controlfp
_cexit
_XcptFilter
_exit
_c_exit
malloc
realloc
free
__p__commode

advapi32

DeregisterEventSource
RegisterEventSourceA
RegSetValueExA
RegCloseKey
RegQueryValueExA
RegOpenKeyExA
FreeSid
SetFileSecurityA
SetFileSecurityW
SetSecurityDescriptorDacl
GetAclInformation
AddAce
InitializeSecurityDescriptor
InitializeAcl
AllocateAndInitializeSid
CopySid
GetLengthSid
ReportEventA

Sections

.text
Size: 20KB - Virtual size: 19KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 512B - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 20KB - Virtual size: 36KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

f09559ac92037c3f9af50f43436bca13

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

ntdll

setupapi

shell32

version

msvcrt

advapi32

Sections

.text Size: 20KB - Virtual size: 19KB

.data Size: 512B - Virtual size: 2KB

.rsrc Size: 20KB - Virtual size: 36KB

.text
Size: 20KB - Virtual size: 19KB

.data
Size: 512B - Virtual size: 2KB

.rsrc
Size: 20KB - Virtual size: 36KB