f36eb03a20fe643fd4d252785c4cff49_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

f36eb03a20fe643fd4d252785c4cff49_JaffaCakes118
Size

485KB
MD5

f36eb03a20fe643fd4d252785c4cff49
SHA1

d4eb1a300e53381f765d0f1ad30cf515c4417f9d
SHA256

ee21b16de440773fe80af44967a07ff207749ae37a4aa5eb21690f357491cce3
SHA512

eb643fbd8658ab0190e4f5d32f7609ae7909cdc41bde2f0e0ddd4050548f319affe36f3135fc3554946999db2e85d220d8dc41f336f9092cd6c42509906e0e4b
SSDEEP

6144:WVTmaPmEjiN9X93byQ3faYSmVOjYNRmWebjYCg0BnnjbLU0wTGYVevJLVpRhFGhE:WVTmauWiN9FuQBMWebzzvwTGgy5GhE

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
f36eb03a20fe643fd4d252785c4cff49_JaffaCakes118

Files

f36eb03a20fe643fd4d252785c4cff49_JaffaCakes118
.exe windows:5 windows x86 arch:x86

7f139d0678fefdc70c00658e020d0d47

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

SetTapePosition
GetSystemTimes
PeekNamedPipe
GetMailslotInfo
lstrcmpW
lstrlenA
OpenSemaphoreW
LoadLibraryA
GetModuleFileNameW
GetProcessShutdownParameters
GetFirmwareEnvironmentVariableW
FindResourceExA
EnumResourceTypesW
EndUpdateResourceA
GetProfileStringW
WritePrivateProfileSectionW
GetPrivateProfileSectionNamesW
GetCurrentDirectoryW
CreateDirectoryExA
DefineDosDeviceW
GetFileAttributesExW
SetCommTimeouts
CopyFileA
IsBadStringPtrW
BuildCommDCBAndTimeoutsA
CommConfigDialogA
GetDefaultCommConfigW
OpenJobObjectW
IsProcessInJob
ReleaseActCtx
GetNumaHighestNodeNumber
GetCPInfo
GetCalendarInfoW
SetCalendarInfoA
EnumDateFormatsW
GetUserDefaultLangID
PeekConsoleInputW
AllocConsole
CreateFileW
CloseHandle
WriteConsoleW
SetStdHandle
GetCommTimeouts
ClearCommBreak
GetFileTime
DeviceIoControl
GetStdHandle
GetFileSize
LockFileEx
WaitForSingleObject
GetLastError
GetExitCodeThread
UnhandledExceptionFilter
GetEnvironmentStringsW
GetProcessTimes
HeapWalk
GetProcAddress
HeapReAlloc
HeapDestroy
VirtualProtect
GlobalMemoryStatusEx
GlobalLock
GlobalAlloc
DeleteFileA
WideCharToMultiByte
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
EncodePointer
DecodePointer
MultiByteToWideChar
GetStringTypeW
HeapFree
RaiseException
RtlUnwind
GetCommandLineA
HeapAlloc
SetUnhandledExceptionFilter
SetLastError
InitializeCriticalSectionAndSpinCount
Sleep
GetCurrentProcess
TerminateProcess
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GetStartupInfoW
GetModuleHandleW
IsProcessorFeaturePresent
LCMapStringW
GetLocaleInfoW
IsValidLocale
GetUserDefaultLCID
EnumSystemLocalesW
ExitProcess
GetModuleHandleExW
HeapSize
GetProcessHeap
IsDebuggerPresent
GetCurrentThreadId
GetFileType
GetModuleFileNameA
WriteFile
QueryPerformanceCounter
GetCurrentProcessId
GetSystemTimeAsFileTime
FreeEnvironmentStringsW
IsValidCodePage
GetACP
GetOEMCP
LoadLibraryExW
GetConsoleCP
GetConsoleMode
SetFilePointerEx
OutputDebugStringW
FlushFileBuffers
ReadFile
ReadConsoleW

user32

EnumThreadWindows
GetWindowRgn
GetMonitorInfoW

advapi32

RegOpenKeyExA
RegisterServiceCtrlHandlerA
QueryServiceConfigW
ControlService
RegQueryValueExW
RegQueryValueExA
RegQueryValueW
RegEnumValueW
RegCreateKeyW
RegCloseKey
SetKernelObjectSecurity
SetPrivateObjectSecurity
CreatePrivateObjectSecurityEx
SetSecurityDescriptorControl
AddAuditAccessAceEx
GetAce
AreAnyAccessesGranted
ObjectCloseAuditAlarmW
ObjectPrivilegeAuditAlarmW
OpenThreadToken
ClearEventLogA

Sections

.text
Size: 118KB - Virtual size: 118KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 42KB - Virtual size: 42KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 13KB - Virtual size: 36.0MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.text
Size: 291KB - Virtual size: 294KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 11KB - Virtual size: 37.8MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 7KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

7f139d0678fefdc70c00658e020d0d47

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

advapi32

Sections

.text Size: 118KB - Virtual size: 118KB

.rdata Size: 42KB - Virtual size: 42KB

.data Size: 13KB - Virtual size: 36.0MB

.text Size: 291KB - Virtual size: 294KB

.rsrc Size: 11KB - Virtual size: 37.8MB

.reloc Size: 7KB - Virtual size: 7KB

.text
Size: 118KB - Virtual size: 118KB

.rdata
Size: 42KB - Virtual size: 42KB

.data
Size: 13KB - Virtual size: 36.0MB

.text
Size: 291KB - Virtual size: 294KB

.rsrc
Size: 11KB - Virtual size: 37.8MB

.reloc
Size: 7KB - Virtual size: 7KB