fa37a71942fc5fadead01703f310bb88_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

fa37a71942fc5fadead01703f310bb88_JaffaCakes118
Size

292KB
MD5

fa37a71942fc5fadead01703f310bb88
SHA1

69792ed627ddb5f6e4f96db629ad2fd3fd306c4d
SHA256

084eb6bc4bc41878ba9ebb97cd5fa8cd90f2fdf3563dea1f9734ff5535516aed
SHA512

de33f365581ee208c54d51c63fe30efec7fbf94464e04f2c054796660fd2e0e4dad89b80798b41057a19eb7c15663f814aa51813f3738ad772cd02c8dc1aeeae
SSDEEP

6144:+iiPkJsdoXTsOi/Cg87W/Wm/0JsMDcPT+5WGFJaZOFpEZMmQ8y:+iiYD4H/MW/Wm7MDgTuaZxZMma

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
fa37a71942fc5fadead01703f310bb88_JaffaCakes118

Files

fa37a71942fc5fadead01703f310bb88_JaffaCakes118
.exe windows:4 windows x86 arch:x86

63a3419c1cc0c7c4ed2c0ebfefa85093

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

s7aaapix

AUTSetDlgParent
AUTLogError

advapi32

OpenServiceA
RegCreateKeyExA
RegQueryValueExA
QueryServiceStatus
QueryServiceConfigA
CloseServiceHandle
OpenSCManagerA
RegCloseKey
RegSetValueExA

kernel32

SetWaitableTimer
InterlockedExchange
InterlockedExchangeAdd
CloseHandle
WaitForSingleObject
CreateEventA
WideCharToMultiByte
CreateWaitableTimerA
CreateThread
WaitForMultipleObjects
TerminateThread
SetEvent
CancelWaitableTimer
ResetEvent
GetCurrentProcessId
GetLastError
ReleaseMutex
Sleep
lstrcmpiA
GetCurrentThreadId
CreateMutexA
SetLastError
GetCommandLineA
lstrlenW
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
InitializeCriticalSection
InterlockedDecrement
InterlockedIncrement
GetModuleHandleA
MultiByteToWideChar
GetStartupInfoA

ole32

CoResumeClassObjects
CoSuspendClassObjects
CoCreateInstance
CoInitializeEx
CoDisconnectObject
CoUninitialize

oleaut32

LoadRegTypeLi
SafeArrayCreate
SafeArrayPutElement
SafeArrayDestroy
VariantClear
SysAllocString
SysAllocStringLen
SysStringLen
SysFreeString

user32

DispatchMessageA
CharNextA
PeekMessageA
GetMessageA
GetForegroundWindow
PostThreadMessageA

atl

ord58
ord30
ord23
ord21
ord20
ord17
ord18
ord57
ord16
ord32

msvcp60

??1_Lockit@std@@QAE@XZ
??0_Lockit@std@@QAE@XZ

msvcrt

strlen
??2@YAPAXI@Z
memset
_mbscmp
__setusermatherr
_initterm
__getmainargs
_acmdln
exit
_XcptFilter
free
memcmp
memcpy
_except_handler3
_adjust_fdiv
__p__commode
__p__fmode
__set_app_type
_controlfp
__dllonexit
_onexit
realloc
_exit
malloc
_purecall
__CxxFrameHandler
_EH_prolog
wcscmp
?terminate@@YAXXZ

Sections

.text
Size: 24KB - Virtual size: 23KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 8KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 844B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 12KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

6�
Size: 236KB - Virtual size: 236KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

63a3419c1cc0c7c4ed2c0ebfefa85093

Headers

File Characteristics

Imports

s7aaapix

advapi32

kernel32

ole32

oleaut32

user32

atl

msvcp60

msvcrt

Sections

.text Size: 24KB - Virtual size: 23KB

.rdata Size: 8KB - Virtual size: 6KB

.data Size: 4KB - Virtual size: 844B

.rsrc Size: 12KB - Virtual size: 9KB

6� Size: 236KB - Virtual size: 236KB

.text
Size: 24KB - Virtual size: 23KB

.rdata
Size: 8KB - Virtual size: 6KB

.data
Size: 4KB - Virtual size: 844B

.rsrc
Size: 12KB - Virtual size: 9KB

6�
Size: 236KB - Virtual size: 236KB