fa5e90ae7ee63cbb4d0445e7e15037d5_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

fa5e90ae7ee63cbb4d0445e7e15037d5_JaffaCakes118
Size

129KB
MD5

fa5e90ae7ee63cbb4d0445e7e15037d5
SHA1

008bfd3c557c25783a5bb92406fe7454d92e50f9
SHA256

39622cc17c146a63adc4166662246ea610283178ff232241c943bfa5148d2871
SHA512

627e7e81e035634c74f517326f4424c2c36b22ccd27f528888b7787aee9b14df3c226ffebe31b7ceb632b0d01befae5d2f5a071c1570403f5fbdf50f250bca2a
SSDEEP

3072:u6UT5CvLXIrlMU/Y3tcjoq+IqhOC/GWvaflucQHUU9UpdU:u6UWIhY3tcjoq+VhwWvC

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
fa5e90ae7ee63cbb4d0445e7e15037d5_JaffaCakes118

Files

fa5e90ae7ee63cbb4d0445e7e15037d5_JaffaCakes118
.exe windows:4 windows x86 arch:x86

f03eae40b315ad47bb389a1f6cc6a5ef

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

CreateToolhelp32Snapshot
DeleteFileA
MoveFileExA
CopyFileA
MultiByteToWideChar
FreeResource
WriteFile
CreateFileA
LockResource
Sleep
LoadResource
SizeofResource
FindResourceA
Process32First
GetFileTime
SetFileAttributesA
GetSystemWindowsDirectoryA
GetModuleFileNameA
GetSystemDirectoryA
CreateProcessA
FindClose
FindFirstFileA
InitializeCriticalSection
DeleteCriticalSection
GetSystemTimeAsFileTime
GetCurrentProcessId
Process32Next
GetVersion
FreeLibrary
OpenProcess
CreateRemoteThread
WaitForSingleObject
GetCurrentProcess
GetLastError
CloseHandle
LoadLibraryA
GetProcAddress
SetFileTime
GetCurrentThreadId
GetTickCount
RtlUnwind
GetModuleHandleA
GetStartupInfoA
GetCommandLineA
GetVersionExA
InterlockedExchange
VirtualQuery
GetACP
GetOEMCP
GetCPInfo
LCMapStringA
WideCharToMultiByte
LCMapStringW
HeapReAlloc
HeapAlloc
ExitProcess
TerminateProcess
HeapSize
GetStdHandle
UnhandledExceptionFilter
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
SetHandleCount
GetFileType
HeapDestroy
HeapCreate
VirtualFree
HeapFree
GetStringTypeA
GetStringTypeW
GetLocaleInfoA
VirtualProtect
VirtualAlloc
GetSystemInfo
IsBadWritePtr
SetUnhandledExceptionFilter
IsBadReadPtr
IsBadCodePtr
QueryPerformanceCounter

user32

wsprintfA

advapi32

ControlService
DeleteService
OpenSCManagerA
CreateServiceA
OpenServiceA
StartServiceA
QueryServiceStatus
CloseServiceHandle
OpenProcessToken
LookupPrivilegeValueA
AdjustTokenPrivileges

sfc

SfcIsFileProtected

Sections

.text
Size: 26KB - Virtual size: 25KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 7KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 93KB - Virtual size: 92KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

f03eae40b315ad47bb389a1f6cc6a5ef

Headers

File Characteristics

Imports

kernel32

user32

advapi32

sfc

Sections

.text Size: 26KB - Virtual size: 25KB

.rdata Size: 7KB - Virtual size: 7KB

.data Size: 1KB - Virtual size: 4KB

.rsrc Size: 93KB - Virtual size: 92KB

.text
Size: 26KB - Virtual size: 25KB

.rdata
Size: 7KB - Virtual size: 7KB

.data
Size: 1KB - Virtual size: 4KB

.rsrc
Size: 93KB - Virtual size: 92KB