ff8f624bb14c3878e637bd5805de69ff_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

ff8f624bb14c3878e637bd5805de69ff_JaffaCakes118
Size

324KB
MD5

ff8f624bb14c3878e637bd5805de69ff
SHA1

7bdd97b0b1f827c89158a322699393305395f67c
SHA256

b8d09717e95b63f422097c0e6c289ffd417768a896c5027820c70e018efcfcf4
SHA512

bfb19f4adc5925f0bf838be84684670a3622da74882c16cdcd59b383c8a5811ca6544e662c5411339ad534ee5c1d4376b16c9861019c79e3722b4cb196253ee2
SSDEEP

6144:SiFiAHBDNAI+EczDDGgqX37WGbw+uqHb2NDFPaaSRaDqu5aHBUtIReFWdS:Si1xNAI23DKrWGbVuFDAau81y0WdS

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
ff8f624bb14c3878e637bd5805de69ff_JaffaCakes118

Files

ff8f624bb14c3878e637bd5805de69ff_JaffaCakes118
.exe windows:5 windows x86 arch:x86

8a67bb7f02eda1b71f82a774ccb72586

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

VirtualProtect
VirtualAlloc
LCMapStringA
FormatMessageA
lstrlenW
GetStringTypeW
GetTempFileNameW
lstrcmpiW
FreeLibrary
GetProcessHeap
lstrcpyA
GlobalAlloc
HeapFree
DeleteFileW
LoadLibraryW
CreateDirectoryW
GetSystemInfo
lstrcmpA
CreateFileA
WriteFile
VirtualFree
GetModuleHandleA
GetCPInfo
GetTempPathW
MultiByteToWideChar
GetStringTypeA
ExitProcess
GetTickCount
WideCharToMultiByte
LCMapStringW
CloseHandle
lstrcmpiA
GetVersionExA
HeapAlloc
HeapReAlloc
GetProcAddress
GetShortPathNameW
GetLocaleInfoA
lstrlenA
Sleep
GlobalFree
VirtualQuery

user32

wsprintfA

tapi32

lineGetDevCapsW
lineNegotiateAPIVersion
lineClose
lineInitializeExW
lineShutdown
lineOpen
lineGetID

setupapi

SetupCloseInfFile
SetupDiGetClassDevsW
SetupDiGetDeviceInstanceIdW
SetupDiOpenDevRegKey
SetupGetSourceInfoA
SetupDiEnumDeviceInfo
SetupDiDestroyDeviceInfoList
SetupOpenMasterInf
SetupDiCallClassInstaller
SetupPromptForDiskA
SetupDiSetClassInstallParamsA
SetupDiCreateDeviceInfoList
SetupGetSourceFileLocationA

ntdll

RtlUshortByteSwap
NtCreateDebugObject
NtAllocateVirtualMemory

ole32

CoUninitialize
CoInitializeEx
CoCreateInstance

advapi32

StartServiceA
QueryServiceStatus
OpenServiceA
CloseServiceHandle
RegEnumKeyA
OpenSCManagerA
RegQueryValueExA
RegOpenKeyExA
RegOpenKeyW
RegQueryValueExW
RegCloseKey
ChangeServiceConfigA
RegOpenKeyA
RegSetValueExA

Sections

.text
Size: 15KB - Virtual size: 15KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 294KB - Virtual size: 294KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rdata
Size: 9KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 3KB - Virtual size: 1.4MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

8a67bb7f02eda1b71f82a774ccb72586

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

tapi32

setupapi

ntdll

ole32

advapi32

Sections

.text Size: 15KB - Virtual size: 15KB

.rsrc Size: 294KB - Virtual size: 294KB

.rdata Size: 9KB - Virtual size: 9KB

.data Size: 3KB - Virtual size: 1.4MB

.tls Size: 512B - Virtual size: 4KB

.text
Size: 15KB - Virtual size: 15KB

.rsrc
Size: 294KB - Virtual size: 294KB

.rdata
Size: 9KB - Virtual size: 9KB

.data
Size: 3KB - Virtual size: 1.4MB

.tls
Size: 512B - Virtual size: 4KB