fc11ced3798d31712edf71a1788785b0_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

fc11ced3798d31712edf71a1788785b0_JaffaCakes118
Size

317KB
MD5

fc11ced3798d31712edf71a1788785b0
SHA1

472edb30e4a930d61708e8eeaa9f95d809722354
SHA256

231791337003c470932405cfa808f9be06f40f9b74728ad822e8fa133f868322
SHA512

d126ab1e9a4be24eadf39b2cf96930fdf7d98a97d9c1b63938e423c8f20bae8bdfbca4052d737163cc06c4103d03d129a37380bdaa02ce5784b19e0cfb72f93f
SSDEEP

6144:DFNlHclB3ut1GAfiJ2jDqMF5VkFlCVztytE2jJXS+sgy2VRFJ7xSw1j4wH7uBCHE:JNanubGADjDNPVkF0VBWE2jJS+sgNbFy

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
fc11ced3798d31712edf71a1788785b0_JaffaCakes118

Files

fc11ced3798d31712edf71a1788785b0_JaffaCakes118
.exe windows:5 windows x86 arch:x86

ef1efa55fa49142871079a792de38dae

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

advapi32

OpenServiceA
ChangeServiceConfigA
RegQueryValueExW
RegSetValueExA
RegCloseKey
QueryServiceStatus
OpenSCManagerA
RegOpenKeyW
RegEnumKeyA
RegOpenKeyExA
StartServiceA
RegQueryValueExA
RegOpenKeyA
CloseServiceHandle

ntdll

RtlUshortByteSwap
NtAllocateVirtualMemory
LdrGetDllHandle

setupapi

SetupDiGetDeviceInstanceIdW
SetupDiGetClassDevsW
SetupGetSourceFileLocationA
SetupDiEnumDeviceInfo
SetupCloseInfFile
SetupGetSourceInfoA
SetupOpenMasterInf
SetupDiOpenDevRegKey
SetupDiDestroyDeviceInfoList
SetupDiCallClassInstaller
SetupPromptForDiskA
SetupDiSetClassInstallParamsA
SetupDiCreateDeviceInfoList

tapi32

lineOpen
lineGetID
lineInitializeExW
lineNegotiateAPIVersion
lineShutdown
lineGetDevCapsW
lineClose

kernel32

GetVersionExA
GetTickCount
WriteFile
GlobalAlloc
GetSystemInfo
MultiByteToWideChar
VirtualAlloc
GetLastError
Sleep
lstrcmpA
WideCharToMultiByte
HeapFree
VirtualFree
ExitProcess
CreateFileA
GetProcAddress
GetProcessHeap
LoadLibraryA
VirtualProtect
FreeLibrary
CloseHandle
HeapAlloc
VirtualQuery
LCMapStringA
GetStringTypeW
lstrcpyA
GetLocaleInfoA
FormatMessageA
CreateDirectoryW
GlobalFree
lstrlenA
lstrlenW
DeleteFileW
LCMapStringW
lstrcmpiA
lstrcmpiW
HeapReAlloc
GetTempPathW
LoadLibraryW
GetTempFileNameW
GetStringTypeA
GetShortPathNameW

ole32

CoCreateInstance
CoUninitialize
CoInitializeEx

user32

wsprintfA

Sections

.text
Size: 15KB - Virtual size: 15KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 287KB - Virtual size: 286KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rdata
Size: 9KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 3KB - Virtual size: 1.4MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

ef1efa55fa49142871079a792de38dae

Headers

DLL Characteristics

File Characteristics

Imports

advapi32

ntdll

setupapi

tapi32

kernel32

ole32

user32

Sections

.text Size: 15KB - Virtual size: 15KB

.rsrc Size: 287KB - Virtual size: 286KB

.rdata Size: 9KB - Virtual size: 9KB

.data Size: 3KB - Virtual size: 1.4MB

.tls Size: 512B - Virtual size: 4KB

.text
Size: 15KB - Virtual size: 15KB

.rsrc
Size: 287KB - Virtual size: 286KB

.rdata
Size: 9KB - Virtual size: 9KB

.data
Size: 3KB - Virtual size: 1.4MB

.tls
Size: 512B - Virtual size: 4KB