01833549b8f8d4bf86916d524cca2e47_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

01833549b8f8d4bf86916d524cca2e47_JaffaCakes118
Size

116KB
MD5

01833549b8f8d4bf86916d524cca2e47
SHA1

8fa3bf5b668df5678641389293885f437fb96d1c
SHA256

ec65d568750990c399b186972fe0aa95b8097089c48fbca796f301f7e222781c
SHA512

00ceb9acfaccf0b41e08b7da849b505c2c641bc7b8dd94b6e9e3afbf1d2afb683f598eb037e5419da81d45a813300a3e3215f2c4266f9c142ba8f540011bb8d0
SSDEEP

3072:LM8JQZydXTGlNZw3vrNr8hMI+WnwuY3RD5BR:LMOQZCQZwDNwD3MRDF

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
01833549b8f8d4bf86916d524cca2e47_JaffaCakes118

Files

01833549b8f8d4bf86916d524cca2e47_JaffaCakes118
.exe windows:5 windows x86 arch:x86

d403613ce748086d1df9f242c5e009f2

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

VirtualAlloc
Module32Next
ExitProcess
OpenEventW
SetEndOfFile
GetCurrentDirectoryA
LeaveCriticalSection
LCMapStringA
GetSystemTimeAsFileTime
DeviceIoControl
OutputDebugStringA
SuspendThread
GetCommandLineA
OpenProcess

advapi32

RegQueryValueExW
LookupAccountSidW
RegQueryValueExA
RegOpenKeyExA
RegDeleteKeyW
AllocateAndInitializeSid
AdjustTokenPrivileges
CreateServiceA
RegEnumKeyExW
CloseServiceHandle
StartServiceW
FreeSid
DeleteService
InitializeSecurityDescriptor

msvcrt

_read
_onexit
malloc
strchr
wcsncat
fputs
_initterm
isxdigit
_strnicmp
_wtoi
?terminate@@YAXXZ
__set_app_type
__p__fmode
??1type_info@@UAE@XZ
exit
_wmakepath
_vsnprintf
gmtime
calloc
_errno
memmove
towlower
__unDName
fprintf
_itoa
_dstbias
isalnum

gdi32

ExtTextOutA
CreatePen
DeleteObject
CreateSolidBrush
GetEnhMetaFilePaletteEntries
EndDoc
CreateICW
Arc
RealizePalette
CreatePalette
SetDIBits
FillRgn
CreateBitmapIndirect
CreateBrushIndirect
BeginPath
TextOutW
GetDIBits
SetStretchBltMode

version

GetFileVersionInfoSizeA
GetFileVersionInfoSizeW
GetFileVersionInfoA

Sections

.text
Size: 83KB - Virtual size: 83KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 8KB - Virtual size: 77KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.kdata
Size: 5KB - Virtual size: 36KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 17KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

d403613ce748086d1df9f242c5e009f2

Headers

File Characteristics

Imports

kernel32

advapi32

msvcrt

gdi32

version

Sections

.text Size: 83KB - Virtual size: 83KB

.data Size: 2KB - Virtual size: 2KB

.idata Size: 8KB - Virtual size: 77KB

.kdata Size: 5KB - Virtual size: 36KB

.rsrc Size: 17KB - Virtual size: 17KB

.text
Size: 83KB - Virtual size: 83KB

.data
Size: 2KB - Virtual size: 2KB

.idata
Size: 8KB - Virtual size: 77KB

.kdata
Size: 5KB - Virtual size: 36KB

.rsrc
Size: 17KB - Virtual size: 17KB