f6b5871a74b3a4d26f1e62c1bf7992f1_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

f6b5871a74b3a4d26f1e62c1bf7992f1_JaffaCakes118
Size

324KB
MD5

f6b5871a74b3a4d26f1e62c1bf7992f1
SHA1

6d0f249ed932bbbc696bec9dcaa968575977edee
SHA256

cafd251c926de1f3eba93ff5513425e995e37b13427d1153968a5450bd86101a
SHA512

f2950cfe97098f4b8369b0acedd0be06c65c2f81b3fe0417fae0d58c996a0b92e3c9113a23b8cf98286de8fb98f6ba0459230f3eba1b3fee689fbaecc7fd01bf
SSDEEP

6144:RIctQ3ylY9ymSv0mtV/Lb7jvv2TOUeYvjcBqJRyjHj/PlVbG6y0hEnqCl3:RIFt9vSv0cTTX2TvjEj1VbGh0h

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
f6b5871a74b3a4d26f1e62c1bf7992f1_JaffaCakes118

Files

f6b5871a74b3a4d26f1e62c1bf7992f1_JaffaCakes118
.exe windows:5 windows x86 arch:x86

0639d70c460a2dbdc4b5e1eea251f763

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

user32

wsprintfA

kernel32

GetStringTypeW
LCMapStringA
lstrcmpA
GetStringTypeA
lstrlenW
DeleteFileW
GlobalFree
HeapReAlloc
lstrcmpiA
GetModuleHandleA
GetTempPathW
GetProcessHeap
GetCPInfo
GetSystemInfo
LCMapStringW
GlobalAlloc
WriteFile
lstrcpyA
lstrlenA
GetLastError
VirtualProtect
CloseHandle
GetProcAddress
GetTempFileNameW
GetShortPathNameW
GetVersionExA
GetLocaleInfoA
CreateFileA
Sleep
CreateDirectoryW
FormatMessageA
LoadLibraryA
FreeLibrary
LoadLibraryW
GetTickCount
VirtualAlloc
lstrcmpiW
MultiByteToWideChar
HeapFree
ExitProcess
VirtualFree
HeapAlloc

setupapi

SetupDiDestroyDeviceInfoList
SetupPromptForDiskA
SetupDiOpenDevRegKey
SetupCloseInfFile
SetupDiGetDeviceInstanceIdW
SetupDiGetClassDevsW
SetupDiSetClassInstallParamsA
SetupDiCreateDeviceInfoList
SetupGetSourceFileLocationA
SetupDiCallClassInstaller
SetupDiEnumDeviceInfo
SetupGetSourceInfoA
SetupOpenMasterInf

ole32

CoCreateInstance
CoInitializeEx
CoUninitialize

tapi32

lineInitializeExW
lineGetID
lineOpen
lineClose
lineGetDevCapsW
lineShutdown
lineNegotiateAPIVersion

advapi32

RegQueryValueExW
CloseServiceHandle
RegCloseKey
ChangeServiceConfigA
RegQueryValueExA
RegSetValueExA
OpenServiceA
RegOpenKeyA
RegEnumKeyA
RegOpenKeyW
QueryServiceStatus
RegOpenKeyExA
StartServiceA
OpenSCManagerA

ntdll

NtAllocateVirtualMemory
RtlUshortByteSwap
LdrGetDllHandle

Sections

.text
Size: 15KB - Virtual size: 15KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 294KB - Virtual size: 294KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rdata
Size: 9KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 3KB - Virtual size: 1.4MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

0639d70c460a2dbdc4b5e1eea251f763

Headers

DLL Characteristics

File Characteristics

Imports

user32

kernel32

setupapi

ole32

tapi32

advapi32

ntdll

Sections

.text Size: 15KB - Virtual size: 15KB

.rsrc Size: 294KB - Virtual size: 294KB

.rdata Size: 9KB - Virtual size: 9KB

.data Size: 3KB - Virtual size: 1.4MB

.tls Size: 512B - Virtual size: 4KB

.text
Size: 15KB - Virtual size: 15KB

.rsrc
Size: 294KB - Virtual size: 294KB

.rdata
Size: 9KB - Virtual size: 9KB

.data
Size: 3KB - Virtual size: 1.4MB

.tls
Size: 512B - Virtual size: 4KB