yjbbbrh.pdb
Static task
static1
Behavioral task
behavioral1
Sample
01aede06342d40843fbf99a1f2fb4d64_JaffaCakes118.exe
Resource
win7-20240903-en
Behavioral task
behavioral2
Sample
01aede06342d40843fbf99a1f2fb4d64_JaffaCakes118.exe
Resource
win10v2004-20240802-en
General
Target
01aede06342d40843fbf99a1f2fb4d64_JaffaCakes118
Size
504KB
MD5
01aede06342d40843fbf99a1f2fb4d64
SHA1
79e3b773e2c915c6b1d38754a625f7bc4d533c77
SHA256
929724d1cc5e25240ceed8ce4ae497e6b8bb796bd861338525245fd7d2d025d9
SHA512
8054466982c68cff3ce59aa9a83fba06ae82a5bd589cf324210017cb0f726776a7baee41d3be0dad4bff0f7e1eeb075e7c3d8ab626a7df74eee3afb8d75e0486
SSDEEP
12288:icjP5rd8/ovSkTukYz2VjJsOZiZpf8L/mYg:TT5a/suYVjJBiqg
Malware Config
Signatures
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource 01aede06342d40843fbf99a1f2fb4d64_JaffaCakes118
Files
01aede06342d40843fbf99a1f2fb4d64_JaffaCakes118.exe windows:4 windows x86 arch:x86
39558fb4604599d632b7ca699cb635db
Headers
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
PDB Paths
Imports
kernel32
MapViewOfFileEx
OpenFileMappingW
CompareStringA
GetSystemDefaultLCID
UnmapViewOfFile
lstrcmpiA
DeleteTimerQueueTimer
CreateTimerQueueTimer
lstrlenW
CreateFileMappingW
GetModuleFileNameA
GetProfileStringA
CreateFileA
VirtualAlloc
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetCurrentProcess
GetModuleHandleW
GetModuleFileNameW
lstrcpyW
FormatMessageW
InterlockedCompareExchange
InterlockedIncrement
InterlockedExchange
CreateEventW
GetEnvironmentVariableW
IsDebuggerPresent
OutputDebugStringA
DebugBreak
ExpandEnvironmentStringsW
DisableThreadLibraryCalls
GetCurrentProcessId
LocalAlloc
lstrcmpW
LocalFree
CloseHandle
GetSystemTimeAsFileTime
OpenSemaphoreA
GetFileInformationByHandle
GetTimeZoneInformation
GetVersionExA
GetLocaleInfoW
lstrlenA
GetLastError
user32
CharLowerBuffW
wsprintfW
advapi32
LookupAccountSidW
AllocateAndInitializeSid
RegQueryInfoKeyW
RegConnectRegistryW
GetLengthSid
EqualSid
RegisterEventSourceW
ReportEventW
DeregisterEventSource
CryptCreateHash
CryptHashData
CryptGetHashParam
CryptDestroyHash
CryptAcquireContextW
OpenProcessToken
GetTokenInformation
RegSetValueExW
RegEnumKeyExW
RegOpenKeyW
OpenSCManagerW
OpenServiceW
QueryServiceConfigW
QueryServiceStatus
CloseServiceHandle
RegOpenKeyExW
RegCreateKeyExW
RegCloseKey
RegNotifyChangeKeyValue
RegQueryValueExW
RevertToSelf
SetThreadToken
FreeSid
OpenThreadToken
CheckTokenMembership
ntdll
wcschr
wcscmp
strspn
msvcrt
setlocale
wcscoll
vfprintf
secur32
FreeContextBuffer
Sections
.text Size: 28KB - Virtual size: 25KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.data Size: 440KB - Virtual size: 820KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.idata Size: 4KB - Virtual size: 3KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 28KB - Virtual size: 24KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ