fbdf482cf0f2df77b62b7519df769e91_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

fbdf482cf0f2df77b62b7519df769e91_JaffaCakes118
Size

13KB
MD5

fbdf482cf0f2df77b62b7519df769e91
SHA1

cf395b655d53b36aa4dc167a92db0b0c7ed09162
SHA256

2a24f59d630bd58fbe2a8e150dc049a5770f21fd5872803185db4cf7960e3f56
SHA512

5883b877beafe051857887822727bb35760bc2cf4e6000768749de34ea6a6d4fe8991fd24182d4cc997d42f941a6c492235bafe6fab289ee2007aedb1397b98b
SSDEEP

192:CKMQO3H0oOY60jT0+nO/hQ+TymsCte7+XOZjJyORbwfWVmW7uCI4F:HMBHll6wg+O/hQ+2mM7+XOZUKSUmWJIC

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
fbdf482cf0f2df77b62b7519df769e91_JaffaCakes118

Files

fbdf482cf0f2df77b62b7519df769e91_JaffaCakes118
.exe windows:4 windows x86 arch:x86

f9655a67968841d432d338adced38c2c

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

advapi32

AllocateAndInitializeSid
GetTokenInformation
RegDeleteKeyW
RegDeleteValueW
FreeSid
RegSetValueExW
RegSetValueW
OpenProcessToken
RegEnumValueW
RegEnumKeyW
RegUnLoadKeyW
RegQueryInfoKeyW
RegQueryValueExW
RegCloseKey
EqualSid
RegOpenKeyExA
RegOpenKeyExW
AdjustTokenPrivileges
RegSaveKeyW
RegFlushKey
RegLoadKeyW
RegCreateKeyExW
RegQueryValueExA
LookupPrivilegeValueW

gdi32

GetObjectW
CreateFontIndirectW
GetStockObject
DeleteObject
GetDeviceCaps

setupapi

SetupCommitFileQueueW
SetupQueueCopyW
SetupInstallFromInfSectionW
SetupTermDefaultQueueCallback
SetupInitDefaultQueueCallbackEx
SetupFindNextLine
SetupCloseInfFile
SetupDefaultQueueCallbackW
SetupCloseFileQueue
SetupGetStringFieldW
SetupOpenFileQueue
SetupSetDirectoryIdW
SetupGetLineTextW
SetupOpenAppendInfFileW
SetupFindFirstLineW
SetupOpenInfFileW

kernel32

GetStartupInfoA

msvcrt

_wtoi
_initterm
free
memmove
_vsnprintf
longjmp
_wtol
_wcsnicmp
_vsnwprintf
_adjust_fdiv
bsearch
_setjmp3
malloc
memset
_wcsicmp
_ultow
_XcptFilter
_amsg_exit
memcpy

ntdll

NtAllocateVirtualMemory
RtlAdjustPrivilege

shlwapi

PathRemoveFileSpecW
StrStrIW
StrRChrW
PathAddBackslashW
PathAppendW
StrChrW
PathCombineW
PathBuildRootW
PathFileExistsW

oleaut32

VariantClear

ole32

CoTaskMemFree
OleInitialize
OleUninitialize

rpcrt4

RpcStringFreeW

version

GetFileVersionInfoW
VerQueryValueW
GetFileVersionInfoSizeW

Sections

.text
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 14KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 40KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

f9655a67968841d432d338adced38c2c

Headers

DLL Characteristics

File Characteristics

Imports

advapi32

gdi32

setupapi

kernel32

msvcrt

ntdll

shlwapi

oleaut32

ole32

rpcrt4

version

Sections

.text Size: 4KB - Virtual size: 4KB

.rsrc Size: 14KB - Virtual size: 14KB

.data Size: 512B - Virtual size: 40KB

.rdata Size: 5KB - Virtual size: 5KB

.text
Size: 4KB - Virtual size: 4KB

.rsrc
Size: 14KB - Virtual size: 14KB

.data
Size: 512B - Virtual size: 40KB

.rdata
Size: 5KB - Virtual size: 5KB