efeff5e603ad3dd1d5e6500ad564d6d1_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

efeff5e603ad3dd1d5e6500ad564d6d1_JaffaCakes118
Size

356KB
MD5

efeff5e603ad3dd1d5e6500ad564d6d1
SHA1

2aa14a1c04c33ae7f1dbc7231f8b3af9c3ddd5eb
SHA256

a4c61e4913b2aa88d1b6a509bacc2af525c5d9eeff045d23281360d8bc627932
SHA512

2a9b31395c8216cafb4e798a4f937a80afc62781c54b63021cda4a079314cf422c5a178e0106c38237feffa65969ee5f69c489afcee2e21d95351f9ce041cc1c
SSDEEP

6144:US5cLKGt4vobsCJtivQXN5CF19QcGpMb24VZEPDItBk5FjuUU6:UG9GFYqjCFYcUg2IZEPctBwFjuUd

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
efeff5e603ad3dd1d5e6500ad564d6d1_JaffaCakes118

Files

efeff5e603ad3dd1d5e6500ad564d6d1_JaffaCakes118
.exe windows:4 windows x86 arch:x86

80cd48f017fae5db9fce5ef465202819

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

lstrlenA
SizeofResource
LoadResource
FindResourceW
LoadLibraryExW
LocalFree
LocalAlloc
CloseHandle
GetCurrentThread
GetCurrentProcess
GetSystemTimeAsFileTime
GetFileAttributesExW
DeleteFileW
lstrcatW
GetVersionExW
WriteConsoleW
GetFileType
GetStdHandle
FindVolumeClose
FindNextVolumeW
CreateFileW
FindFirstVolumeW
DeviceIoControl
InterlockedExchange
GetModuleHandleA
LoadLibraryW
GetProcAddress
FreeLibrary
GetModuleFileNameW
lstrcpynW
lstrcmpiW
InterlockedDecrement
InterlockedIncrement
DeleteCriticalSection
InitializeCriticalSection
LeaveCriticalSection
GlobalAlloc
EnterCriticalSection
GetLastError
lstrcpyW
lstrlenW
VirtualAlloc
TerminateProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GlobalFree
VirtualProtect
GetCommandLineA
GetModuleHandleW
GetStartupInfoA

user32

CharNextW
LoadStringW
CharPrevW

advapi32

GetTokenInformation
RegDeleteKeyW
RegDeleteValueW
RegCloseKey
RegOpenKeyExW
RegSetValueExW
ConvertSidToStringSidW
LsaFreeMemory
LsaClose
LsaQueryInformationPolicy
LsaNtStatusToWinError
OpenThreadToken
SetSecurityDescriptorOwner
SetSecurityDescriptorDacl
InitializeSecurityDescriptor
AddAccessAllowedAce
InitializeAcl
DuplicateTokenEx
OpenProcessToken
RegQueryValueExW
RegConnectRegistryW
RegCreateKeyExW
AdjustTokenPrivileges

ole32

CoTaskMemFree
CoTaskMemAlloc

rpcrt4

UuidToStringW
UuidCreate
RpcStringFreeW

msvcr71

_controlfp
_onexit
__dllonexit
__set_app_type
__p__fmode
__p__commode
_adjust_fdiv
__setusermatherr
_except_handler3
iswspace
wcsncat
wcscat
wcscpy
_wcsicmp
wcscmp
wcslen
realloc
free
malloc
_initterm
_amsg_exit
_vsnwprintf
memset
_wtoi
vfwprintf
exit
_wcsupr
_iob
_c_exit
_exit
_XcptFilter
_ismbblead
_cexit
_acmdln
__getmainargs

Sections

.text
Size: 340KB - Virtual size: 337KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 306KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

80cd48f017fae5db9fce5ef465202819

Headers

File Characteristics

Imports

kernel32

user32

advapi32

ole32

rpcrt4

msvcr71

Sections

.text Size: 340KB - Virtual size: 337KB

.rdata Size: 4KB - Virtual size: 3KB

.data Size: 4KB - Virtual size: 306KB

.rsrc Size: 4KB - Virtual size: 2KB

.text
Size: 340KB - Virtual size: 337KB

.rdata
Size: 4KB - Virtual size: 3KB

.data
Size: 4KB - Virtual size: 306KB

.rsrc
Size: 4KB - Virtual size: 2KB