fde8cce7b39ec907071e30058ce2a4a8_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

fde8cce7b39ec907071e30058ce2a4a8_JaffaCakes118
Size

315KB
MD5

fde8cce7b39ec907071e30058ce2a4a8
SHA1

935cb9ce3b823f77b84bfa76426038dfed4abb40
SHA256

5aadf719df40c08fad00ba2573e748cf9719b42211b6f439778e639badd29954
SHA512

a0750d02d21a3cac5984ea90b0c551d95880cd598cdfd77b2a70cf9ffbdbd5ba70986a02cab3e4a644e9da755e93f935196654e68b3d3652834c09b013bd9282
SSDEEP

6144:Gaunq14l2wUpj1NoTc3aeZ4U3Mmkj0Vc/zRtPhLB8or4rZFWsPQ+:JAPUpBzKo4URkgVi7r8ldF7Q

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
fde8cce7b39ec907071e30058ce2a4a8_JaffaCakes118

Files

fde8cce7b39ec907071e30058ce2a4a8_JaffaCakes118
.exe windows:5 windows x86 arch:x86

fd745a9f1081de7d2371090ea4a083de

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

ole32

CoCreateInstance
CoUninitialize
CoInitializeEx

advapi32

RegEnumKeyA
RegOpenKeyExA
StartServiceA
ChangeServiceConfigA
RegOpenKeyA
CloseServiceHandle
RegOpenKeyW
QueryServiceStatus
RegSetValueExA
OpenServiceA
RegQueryValueExA
RegCloseKey
RegQueryValueExW
OpenSCManagerA

kernel32

VirtualAlloc
WideCharToMultiByte
HeapFree
GetShortPathNameW
GetModuleHandleA
GetLocaleInfoA
CreateFileA
GetTempFileNameW
GetVersionExA
CloseHandle
WriteFile
HeapReAlloc
GetTickCount
GetTempPathW
MultiByteToWideChar
GetLastError
LCMapStringA
LoadLibraryA
VirtualProtect
VirtualQuery
LCMapStringW
Sleep
GetProcessHeap
lstrlenA
lstrcmpA
DeleteFileW
GlobalAlloc
lstrcmpiW
lstrcpyA
GetStringTypeW
FreeLibrary
GetSystemInfo
ExitProcess
lstrlenW
GetProcAddress
lstrcmpiA
CreateDirectoryW
VirtualFree
GlobalFree
HeapAlloc
GetStringTypeA
LoadLibraryW

ntdll

LdrGetDllHandle
RtlUshortByteSwap
NtAllocateVirtualMemory

user32

wsprintfA

tapi32

lineOpen
lineInitializeExW
lineShutdown
lineNegotiateAPIVersion
lineGetID
lineClose
lineGetDevCapsW

setupapi

SetupOpenMasterInf
SetupDiCallClassInstaller
SetupDiDestroyDeviceInfoList
SetupPromptForDiskA
SetupGetSourceFileLocationA
SetupDiEnumDeviceInfo
SetupDiGetClassDevsW
SetupDiOpenDevRegKey
SetupDiGetDeviceInstanceIdW
SetupCloseInfFile
SetupGetSourceInfoA
SetupDiCreateDeviceInfoList
SetupDiSetClassInstallParamsA

Sections

.text
Size: 15KB - Virtual size: 15KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 285KB - Virtual size: 284KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rdata
Size: 9KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 3KB - Virtual size: 1.4MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

fd745a9f1081de7d2371090ea4a083de

Headers

DLL Characteristics

File Characteristics

Imports

ole32

advapi32

kernel32

ntdll

user32

tapi32

setupapi

Sections

.text Size: 15KB - Virtual size: 15KB

.rsrc Size: 285KB - Virtual size: 284KB

.rdata Size: 9KB - Virtual size: 9KB

.data Size: 3KB - Virtual size: 1.4MB

.tls Size: 512B - Virtual size: 4KB

.text
Size: 15KB - Virtual size: 15KB

.rsrc
Size: 285KB - Virtual size: 284KB

.rdata
Size: 9KB - Virtual size: 9KB

.data
Size: 3KB - Virtual size: 1.4MB

.tls
Size: 512B - Virtual size: 4KB