ef4611c0a0185c7617657520d0b42418_JaffaCakes118

General

Target

ef4611c0a0185c7617657520d0b42418_JaffaCakes118
Size

446KB
MD5

ef4611c0a0185c7617657520d0b42418
SHA1

d8882f834152a3ebd60601279d2b18620b4e3f67
SHA256

0c4d83c38a631840e7b077424cf99bee1eeae9ed89336065ddcfa6b76a7c9101
SHA512

e92f3988673ed8db05fc558ecbe2f7f105f01e49d720e3a51f117305e71e0d3d0cd0aa74f5a1f842b608b78ad292a44e3a1b0015e477134e9aa3705bc7497def
SSDEEP

12288:/C3ApK2e8etJmdMD4+0/iNNd4Tr2PXZPl6TX8EqxCOcozM4:ZKnYdMDF0WNdgmHuX6oHod

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
ef4611c0a0185c7617657520d0b42418_JaffaCakes118

Files

ef4611c0a0185c7617657520d0b42418_JaffaCakes118
.exe windows:4 windows x86 arch:x86

65da3b3708e1a58165f3d08f8ddd2543

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

advapi32

RegSetValueW
RegDeleteValueW
RegCreateKeyExW
AllocateAndInitializeSid
RegOpenKeyExW
RegEnumValueW
RegLoadKeyW
RegDeleteKeyW
RegQueryInfoKeyW
RegSetValueExW
RegQueryValueExA
RegUnLoadKeyW
EqualSid
RegSaveKeyW
AdjustTokenPrivileges
LookupPrivilegeValueW
FreeSid
GetTokenInformation
RegEnumKeyW
OpenProcessToken
RegFlushKey
RegCloseKey
RegQueryValueExW
RegOpenKeyExA

ntdll

NtAllocateVirtualMemory
RtlAddAccessAllowedAce
RtlAdjustPrivilege

ole32

OleInitialize
OleUninitialize
CoTaskMemFree

gdi32

DeleteObject
GetStockObject
GetObjectW
CreateFontIndirectW
GetDeviceCaps

kernel32

GetACP
GetStartupInfoA

rpcrt4

RpcStringFreeW

version

GetFileVersionInfoW
GetFileVersionInfoSizeW
VerQueryValueW

oleaut32

VariantClear

Sections

.text
Size: 42KB - Virtual size: 41KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 40KB - Virtual size: 39KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 9KB - Virtual size: 920KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 28B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.rdata
Size: 354KB - Virtual size: 353KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

65da3b3708e1a58165f3d08f8ddd2543

Headers

File Characteristics

Imports

advapi32

ntdll

ole32

gdi32

kernel32

rpcrt4

version

oleaut32

Sections

.text Size: 42KB - Virtual size: 41KB

.rsrc Size: 40KB - Virtual size: 39KB

.data Size: 9KB - Virtual size: 920KB

.reloc Size: 512B - Virtual size: 28B

.rdata Size: 354KB - Virtual size: 353KB

.text
Size: 42KB - Virtual size: 41KB

.rsrc
Size: 40KB - Virtual size: 39KB

.data
Size: 9KB - Virtual size: 920KB

.reloc
Size: 512B - Virtual size: 28B

.rdata
Size: 354KB - Virtual size: 353KB