ef66003618babdf263c644bfcd12461e_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

ef66003618babdf263c644bfcd12461e_JaffaCakes118
Size

728KB
MD5

ef66003618babdf263c644bfcd12461e
SHA1

79e7f760d6ebbb42f9418353681a220143dfdee7
SHA256

0fb621d84c6b759f1a0473e6becdb5499b70f82dfa843fa77b7c22168f255a19
SHA512

f0ccc6a238d78b657098d2ce91bf56f9b22e554fd39c6d3edc8356fa25ae221c65fb7af0acc1501ba13899e045d06534a000c211789751b93ecb2a38a2c29170
SSDEEP

12288:N6F2V5Oeu/LYd5sqG8uUbUvlIG6u+EwoRyNmVNzaQjXPq6vpPw7Fc:BOtTYDP/wvGm+EdfQQzO

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
ef66003618babdf263c644bfcd12461e_JaffaCakes118

Files

ef66003618babdf263c644bfcd12461e_JaffaCakes118
.exe windows:4 windows x86 arch:x86

f2634fcd1940d4e24488ce8911872cde

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

PDB Paths

C:\uhe\uda\Zyruvi\Desotux.pdb

Imports

kernel32

GetCurrentProcessId
GetSystemTimeAsFileTime
LCMapStringA
MultiByteToWideChar
LCMapStringW
GetStringTypeA
GetStringTypeW
GetLocaleInfoA
Module32First
CreateToolhelp32Snapshot
CloseHandle
VirtualProtect
GetProfileStringW
TlsAlloc
RemoveDirectoryA
QueryPerformanceFrequency
GlobalAlloc
GlobalFree
SetErrorMode
CreatePipe
HeapFree
HeapAlloc
GetModuleHandleA
GetCommandLineA
GetVersionExA
HeapDestroy
HeapCreate
VirtualFree
VirtualAlloc
HeapReAlloc
IsBadWritePtr
ExitProcess
GetProcAddress
TerminateProcess
GetCurrentProcess
WriteFile
GetStdHandle
GetModuleFileNameA
UnhandledExceptionFilter
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
WideCharToMultiByte
GetLastError
GetEnvironmentStringsW
SetHandleCount
GetFileType
GetStartupInfoA
LoadLibraryA
GetACP
GetOEMCP
GetCPInfo
RtlUnwind
InterlockedExchange
VirtualQuery
HeapSize
QueryPerformanceCounter
GetTickCount
GetCurrentThreadId
GetSystemInfo

user32

GetWindowRect
DialogBoxIndirectParamA
CreatePopupMenu
GetSysColorBrush
GetForegroundWindow
CreateDialogIndirectParamA
GetClientRect

advapi32

OpenThreadToken
RegCloseKey
RegOpenKeyExA
RegQueryValueExA
AllocateAndInitializeSid
FreeSid
OpenProcessToken
StartServiceCtrlDispatcherA
InitializeSecurityDescriptor
RegEnumKeyA
RegSetValueExA
RegisterServiceCtrlHandlerA
SetEntriesInAclA
SetSecurityDescriptorDacl
SetServiceStatus
CreateServiceA
DeleteService
GetTokenInformation
LookupPrivilegeValueW
OpenSCManagerA
OpenServiceA
QueryServiceStatus

Sections

.text
Size: 212KB - Virtual size: 209KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 188KB - Virtual size: 185KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 316KB - Virtual size: 1023KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 4KB - Virtual size: 85B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

f2634fcd1940d4e24488ce8911872cde

Headers

File Characteristics

PDB Paths

Imports

kernel32

user32

advapi32

Sections

.text Size: 212KB - Virtual size: 209KB

.rdata Size: 188KB - Virtual size: 185KB

.data Size: 316KB - Virtual size: 1023KB

.tls Size: 4KB - Virtual size: 85B

.rsrc Size: 4KB - Virtual size: 3KB

.text
Size: 212KB - Virtual size: 209KB

.rdata
Size: 188KB - Virtual size: 185KB

.data
Size: 316KB - Virtual size: 1023KB

.tls
Size: 4KB - Virtual size: 85B

.rsrc
Size: 4KB - Virtual size: 3KB