f00d08f96db3e1b5202054db1c16a686_JaffaCakes118

General

Target

f00d08f96db3e1b5202054db1c16a686_JaffaCakes118
Size

56KB
MD5

f00d08f96db3e1b5202054db1c16a686
SHA1

4ad8cc9f6fe6335a2e74207c1869daf94fad0833
SHA256

13d54f2796002b3c7e7ff083e6cdc29683c7e8d0d21b16a34fcba08cf0ea3260
SHA512

993f348f811003f21b98445c48951430458f3865c5ce4c114443d871e78f9f052b6867cc99c7abfa3ee0d5b76356e700e5e1ad63fbcfe45b799d6c489db80cba
SSDEEP

1536:3qY7i2CZn4xswnFEPxjy1qt44SPXPDWpk:zeTnA/npHPbCk

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
f00d08f96db3e1b5202054db1c16a686_JaffaCakes118

Files

f00d08f96db3e1b5202054db1c16a686_JaffaCakes118
.exe windows:4 windows x86 arch:x86

f95367a0810960cff468698c420f552b

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

advapi32

AdjustTokenPrivileges
AllocateAndInitializeSid
CreateServiceA
FreeSid
LookupAccountSidA
OpenSCManagerA
QueryServiceConfig2A
RegEnumValueA
StartServiceA

kernel32

CompareStringA
CopyFileA
CreateDirectoryA
CreateFileA
EnterCriticalSection
ExitProcess
ExpandEnvironmentStringsA
GetACP
GetCPInfo
GetCommandLineA
GetCurrentProcess
GetCurrentThread
GetDateFormatA
GetExitCodeProcess
GetFullPathNameA
GetLocalTime
GetModuleFileNameA
GetProcAddress
GetProcessHeap
GetSystemInfo
GetTempFileNameA
GlobalFree
GlobalLock
GlobalUnlock
HeapDestroy
InterlockedCompareExchange
InterlockedDecrement
IsBadCodePtr
IsDebuggerPresent
LCMapStringA
LeaveCriticalSection
LoadLibraryA
LocalAlloc
Module32First
MultiByteToWideChar
QueryPerformanceCounter
ReadFile
RemoveDirectoryA
ResetEvent
SearchPathA
SetEndOfFile
SetEvent
SetHandleCount
SetLastError
Sleep
TlsGetValue
TlsSetValue
VirtualAlloc
VirtualQuery
WriteConsoleA
lstrcmpA
lstrcpynA

user32

DestroyMenu
GetAsyncKeyState
GetWindowThreadProcessId

version

GetFileVersionInfoA
GetFileVersionInfoSizeA
VerFindFileA
VerInstallFileA
VerLanguageNameA
VerQueryValueA
VerQueryValueIndexA

Sections

.text
Size: 37KB - Virtual size: 40KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.DATA
Size: 8KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 6KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 2KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

f95367a0810960cff468698c420f552b

Headers

File Characteristics

Imports

advapi32

kernel32

user32

version

Sections

.text Size: 37KB - Virtual size: 40KB

.rdata Size: 512B - Virtual size: 4KB

.DATA Size: 8KB - Virtual size: 20KB

.data Size: 6KB - Virtual size: 8KB

.idata Size: 2KB - Virtual size: 4KB

.text
Size: 37KB - Virtual size: 40KB

.rdata
Size: 512B - Virtual size: 4KB

.DATA
Size: 8KB - Virtual size: 20KB

.data
Size: 6KB - Virtual size: 8KB

.idata
Size: 2KB - Virtual size: 4KB