efe1ea108d3ad5cef4ab5d516d8ba24a_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

efe1ea108d3ad5cef4ab5d516d8ba24a_JaffaCakes118
Size

162KB
MD5

efe1ea108d3ad5cef4ab5d516d8ba24a
SHA1

c6a42659b261f0175e3773bfb3f93a7e936365ae
SHA256

fd54630dd99114fa99e6b96509f1c1ae7b1ad2ab4ef8a4ef4fd21a534acfd4fa
SHA512

ffded7fd153afdb3455e329646ec21c2d5548727532b60c51bdad9aafffeaeb826d023b5bc6a4afe58b7e32888fae8842dc3ddf2e9b7935ee9083b5347dd42bb
SSDEEP

3072:7KZuoOlJONNYCPro7WFEeEgK2kveggsVcdCtArmfhxI6EHS:7KZuPUNYurBF1/K2EezsK5rmI6l

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
efe1ea108d3ad5cef4ab5d516d8ba24a_JaffaCakes118

Files

efe1ea108d3ad5cef4ab5d516d8ba24a_JaffaCakes118
.exe windows:5 windows x86 arch:x86

6a5067f4f1e3e4a76b3c8b66bc4926b4

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetCPInfo
HeapAlloc
VirtualAlloc
HeapReAlloc
LCMapStringA
MultiByteToWideChar
LCMapStringW
GetStringTypeA
GetStringTypeW
RtlUnwind
GetLocaleInfoA
VirtualProtect
GetSystemInfo
VirtualQuery
HeapFree
VirtualFree
HeapCreate
HeapDestroy
GetFileType
SetHandleCount
GetEnvironmentStringsW
GetLastError
WideCharToMultiByte
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
UnhandledExceptionFilter
GetModuleFileNameA
GetStdHandle
WriteFile
GetOEMCP
ExitProcess
GetVersionExA
GetCommandLineA
GetModuleHandleA
GetStartupInfoA
CloseHandle
CreateMutexA
CreateDirectoryA
GetFileAttributesA
SetLastError
CopyFileA
SetFileAttributesA
DeleteFileA
GetCurrentProcess
RemoveDirectoryA
FindClose
FindNextFileA
FindFirstFileA
MoveFileA
GetWindowsDirectoryA
GetTempPathA
FreeLibrary
SetFilePointer
SetStdHandle
FlushFileBuffers
ReadFile
CreateFileA
CompareStringA
CompareStringW
SetEnvironmentVariableA
SetEndOfFile
GetProcessHeap
GetACP
GetProcAddress
LoadLibraryA

advapi32

RegGetKeySecurity
GetLengthSid
InitializeAcl
AddAccessAllowedAce
InitializeSecurityDescriptor
SetSecurityDescriptorDacl
RegSetKeySecurity
RegQueryValueExA
RegOpenKeyExA
RegEnumKeyExA
AllocateAndInitializeSid
OpenProcessToken
GetTokenInformation
EqualSid
FreeSid
RegCloseKey
RegDeleteValueA
RegCreateKeyExA
RegSetValueExA

user32

EndDialog
SetWindowTextA
SetDlgItemTextA
MessageBoxA
DialogBoxParamA

cfgmgr32

CM_Create_DevNodeA
CM_Locate_DevNodeA

shell32

SHBrowseForFolderA
SHGetPathFromIDListA
SHGetMalloc

setupapi

SetupCloseInfFile
SetupDiGetClassDevsA
SetupDiGetDeviceRegistryPropertyA
SetupDiDestroyDeviceInfoList
SetupDiCreateDeviceInfoList
SetupDiCreateDeviceInfoA
SetupDiSetDeviceRegistryPropertyA
SetupDiCallClassInstaller
SetupDiEnumDeviceInfo
SetupFindNextLine
SetupFindFirstLineA
SetupGetStringFieldA
SetupDiGetINFClassA
SetupOpenInfFileA
SetupCopyOEMInfA
SetupIterateCabinetA

Sections

.text
Size: 58KB - Virtual size: 58KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 100KB - Virtual size: 100KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

6a5067f4f1e3e4a76b3c8b66bc4926b4

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

advapi32

user32

cfgmgr32

shell32

setupapi

Sections

.text Size: 58KB - Virtual size: 58KB

.data Size: 2KB - Virtual size: 7KB

.rsrc Size: 100KB - Virtual size: 100KB

.text
Size: 58KB - Virtual size: 58KB

.data
Size: 2KB - Virtual size: 7KB

.rsrc
Size: 100KB - Virtual size: 100KB