f6c6aaf06150504879095b05ac2a8618_JaffaCakes118

General

Target

f6c6aaf06150504879095b05ac2a8618_JaffaCakes118
Size

362KB
MD5

f6c6aaf06150504879095b05ac2a8618
SHA1

9632b79e22f49ee0f11fdd552c06eb2f74f30ca5
SHA256

345a2cbeddda26feeb8ac597c98355b41bf496e4d017a795a180b21031ffbb46
SHA512

5eb13a0240d451c493aa77cc27c30b44b97504d14a2e0935368c5e2f56ddf2c49e079e7278809fe06863c642725f0e55fcd7866b0555baf832024662db1235f1
SSDEEP

6144:HsRXSplP47kv4P1tAEzma1LiabouwnxmInVVMTk5/BS8aaqoVPKPP8z6OJhH:MRXSXP3wtiEr1uabo1mInVok5/Bzjq29

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
f6c6aaf06150504879095b05ac2a8618_JaffaCakes118

Files

f6c6aaf06150504879095b05ac2a8618_JaffaCakes118
.exe windows:5 windows x86 arch:x86

f550c259b26a2253e549090070bc3866

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

advapi32

DuplicateTokenEx
ImpersonateLoggedOnUser
RegOpenCurrentUser
RevertToSelf
RegCloseKey
RegQueryValueExW
RegOpenKeyExW
RegSetValueExW
OpenThreadToken
EqualSid
OpenProcessToken
GetTokenInformation
CopySid
OpenEventLogW
ReportEventW
CloseEventLog
ConvertStringSidToSidW
ConvertSidToStringSidW
CheckTokenMembership
GetUserNameW
DuplicateToken
RegEnumKeyW
AddAccessAllowedAce
GetAce
SetFileSecurityW
DeleteAce
RegisterServiceCtrlHandlerW
SetServiceStatus
AllocateAndInitializeSid
GetLengthSid
InitializeAcl
AddAccessAllowedAceEx
InitializeSecurityDescriptor
RegDeleteValueW
FreeSid
SetSecurityDescriptorDacl
RegDeleteKeyW
RegCreateKeyExW

rpcrt4

RpcRaiseException
I_RpcBindingInqTransportType
RpcImpersonateClient
RpcServerRegisterIfEx
RpcServerUseProtseqEpW
RpcServerUnregisterIf
UuidCreate
NdrServerCall2

Sections

0
Size: 7KB - Virtual size: 6KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 844B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.4Q3l3
Size: 331KB - Virtual size: 330KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 17KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 428KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

f550c259b26a2253e549090070bc3866

Headers

DLL Characteristics

File Characteristics

Imports

advapi32

rpcrt4

Sections

0 Size: 7KB - Virtual size: 6KB

.rdata Size: 4KB - Virtual size: 3KB

.data Size: 1024B - Virtual size: 844B

.4Q3l3 Size: 331KB - Virtual size: 330KB

.rsrc Size: 17KB - Virtual size: 16KB

.reloc Size: 1024B - Virtual size: 428KB

0
Size: 7KB - Virtual size: 6KB

.rdata
Size: 4KB - Virtual size: 3KB

.data
Size: 1024B - Virtual size: 844B

.4Q3l3
Size: 331KB - Virtual size: 330KB

.rsrc
Size: 17KB - Virtual size: 16KB

.reloc
Size: 1024B - Virtual size: 428KB