f09d3a79b694dab3fa54e31725f1b0eb_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

f09d3a79b694dab3fa54e31725f1b0eb_JaffaCakes118
Size

132KB
MD5

f09d3a79b694dab3fa54e31725f1b0eb
SHA1

22fee5d687a0ccc5d15560882b7cbb68fef317b1
SHA256

574f602181df05043f80271865482b965e228f613fed60a1da2eab26558c32fc
SHA512

a821518c3063fa0af39b1c141b00875c867871ea5fe0779ce5c85191ab732dc1fcca8f65f54314372d87cab28176ffb60e53e6619172f0647d990a613f0608ea
SSDEEP

1536:/oBlsTU7Ii8xpz6+yNouObuYy1IqTRswtZBFO5qXoRGlDn:WDixpjyNoxLymaH/O5qXoRGlr

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
f09d3a79b694dab3fa54e31725f1b0eb_JaffaCakes118

Files

f09d3a79b694dab3fa54e31725f1b0eb_JaffaCakes118
.exe windows:4 windows x86 arch:x86

8b92337b861efe2ac0446ec04088ca2e

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

WriteFile
CreateFileA
SizeofResource
LockResource
LoadResource
CloseHandle
GetLastError
FreeLibrary
GetCurrentProcessId
WaitForSingleObject
CreateThread
Sleep
OpenProcess
MultiByteToWideChar
VirtualAllocEx
WriteProcessMemory
GetModuleHandleA
GetProcAddress
CreateRemoteThread
GetVersionExA
GetModuleFileNameA
CopyFileA
lstrlenA
LoadLibraryA
FindResourceA
GetSystemDirectoryA
RtlUnwind
GetStartupInfoA
GetCommandLineA
GetVersion
ExitProcess
GetCurrentThreadId
TlsSetValue
TlsAlloc
SetLastError
TlsGetValue
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
FreeEnvironmentStringsA
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStrings
GetEnvironmentStringsW
SetHandleCount
GetStdHandle
GetFileType
DeleteCriticalSection
GetEnvironmentVariableA
HeapDestroy
HeapCreate
VirtualFree
HeapFree
SetFilePointer
EnterCriticalSection
LeaveCriticalSection
HeapAlloc
InterlockedDecrement
InterlockedIncrement
SetUnhandledExceptionFilter
IsBadReadPtr
IsBadWritePtr
IsBadCodePtr
InitializeCriticalSection
GetCPInfo
GetACP
GetOEMCP
VirtualAlloc
HeapReAlloc
SetStdHandle
LCMapStringA
LCMapStringW
GetStringTypeA
GetStringTypeW
FlushFileBuffers

advapi32

RegisterServiceCtrlHandlerA
SetServiceStatus
OpenServiceA
QueryServiceStatus
DeleteService
ControlService
OpenSCManagerA
CreateServiceA
CloseServiceHandle
RegOpenKeyA
RegSetValueExA
RegCloseKey
StartServiceCtrlDispatcherA
StartServiceA

psapi

EnumProcessModules
GetModuleFileNameExA
EnumProcesses

Sections

.text
Size: 28KB - Virtual size: 27KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 8KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 18KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.packet
Size: 80KB - Virtual size: 95KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

8b92337b861efe2ac0446ec04088ca2e

Headers

File Characteristics

Imports

kernel32

advapi32

psapi

Sections

.text Size: 28KB - Virtual size: 27KB

.rdata Size: 8KB - Virtual size: 4KB

.data Size: 12KB - Virtual size: 18KB

.packet Size: 80KB - Virtual size: 95KB

.text
Size: 28KB - Virtual size: 27KB

.rdata
Size: 8KB - Virtual size: 4KB

.data
Size: 12KB - Virtual size: 18KB

.packet
Size: 80KB - Virtual size: 95KB