0100eb4c92305c1e1b78606cf5c12484_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

0100eb4c92305c1e1b78606cf5c12484_JaffaCakes118
Size

295KB
MD5

0100eb4c92305c1e1b78606cf5c12484
SHA1

acc2de28a4296ed4cd6a19ca03f73c92a53e46fe
SHA256

efcddbec3135691e65680c6f1663bac6404571081beefe83e5369584e57a72f8
SHA512

a8eb9b12216a4e501efcab06e11fcf81612c97636250cefbfa6bf2d3fed6358e0e5ca19e15ccf528682efada8e4cecf2f1c1d0c868a26ab49b386105921f1a96
SSDEEP

6144:OfWOBDkoz6tOD8517IU/Z7OK+YDh1nBA+JA5dgPbfVa3mD2qxR3T6iy:Oj9buqcZ777Dh1nBba5ePbVH2qXD

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
0100eb4c92305c1e1b78606cf5c12484_JaffaCakes118

Files

0100eb4c92305c1e1b78606cf5c12484_JaffaCakes118
.exe windows:4 windows x86 arch:x86

1958ea26678c5475df940476899109a6

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

advapi32

RegDeleteValueW
RegOpenKeyExA
RegQueryValueExW
RegDeleteKeyW
RegOpenKeyExW
RegConnectRegistryW
RegSetValueExW
RegSetValueA
RegDeleteKeyA
RegCloseKey
RegCreateKeyExW
RegCreateKeyExA
RegSetValueExA
RegQueryInfoKeyW

kernel32

SetLastError
LocalFree
InitializeCriticalSectionAndSpinCount
UnmapViewOfFile
SetFileAttributesW
SetFilePointer
HeapDestroy
CompareStringW
SwitchToThread
lstrlenA
GetCurrentDirectoryW
FlushViewOfFile
GetFileSize
EnterCriticalSection
HeapSize
GetFileType
HeapAlloc
VirtualAlloc
DeleteCriticalSection
CopyFileW
SetUnhandledExceptionFilter
CreateFileW
CloseHandle
GetSystemTimeAsFileTime
CreateFileMappingW
MapViewOfFileEx
LocalAlloc
RaiseException
LCMapStringW
ExpandEnvironmentStringsW
HeapReAlloc
UnhandledExceptionFilter
DeviceIoControl
VirtualFree
LeaveCriticalSection
HeapFree
IsDebuggerPresent
MapViewOfFile
WideCharToMultiByte
DeleteFileW
FreeLibrary
GetProcessHeap
GetCurrentThreadId
lstrlenW
GetSystemInfo

oleaut32

SysStringLen
SysFreeString
VariantInit
VariantClear
VariantCopy
SysAllocString
SysStringByteLen
VarBstrCat
SysAllocStringLen
SysAllocStringByteLen

ole32

CoTaskMemFree
CoTaskMemAlloc
StringFromGUID2
CreateStreamOnHGlobal
CoCreateInstance

rpcrt4

UuidCreate

msdart

mpCalloc
mpFree
MpGetHeapHandle
?sm_dblDfltSpinAdjFctr@CCritSec@@1NA
?sm_wDefaultSpinCount@CReaderWriterLock2@@1GA
MPInitializeCriticalSectionAndSpinCount
?sm_dblDfltSpinAdjFctr@CFakeLock@@1NA

nddeapi

NDdeShareDelW
NDdeIsValidShareNameA
NDdeSetTrustedShareA

Sections

.text
Size: 17KB - Virtual size: 17KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 265KB - Virtual size: 627KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 2KB - Virtual size: 175KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 9KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

1958ea26678c5475df940476899109a6

Headers

File Characteristics

Imports

advapi32

kernel32

oleaut32

ole32

rpcrt4

msdart

nddeapi

Sections

.text Size: 17KB - Virtual size: 17KB

.data Size: 265KB - Virtual size: 627KB

.rdata Size: 2KB - Virtual size: 175KB

.rsrc Size: 9KB - Virtual size: 20KB

.text
Size: 17KB - Virtual size: 17KB

.data
Size: 265KB - Virtual size: 627KB

.rdata
Size: 2KB - Virtual size: 175KB

.rsrc
Size: 9KB - Virtual size: 20KB