04240dc93a80a1c502a916e057abfcb7_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

04240dc93a80a1c502a916e057abfcb7_JaffaCakes118
Size

124KB
MD5

04240dc93a80a1c502a916e057abfcb7
SHA1

534c60bbe3abefbb322533d76e72230004ccee91
SHA256

a98c243578bf63587df37073792ed5dd83fce6d931e928c77f1a4d6c27337713
SHA512

0bd7c996b08e4f578786fb92c363cc436d50aa39fc701d4534926ca10d4a00d6f636aa2696e2b114210f8be8ce54dffe96001715487cb4f6dc88f06fd1d91a39
SSDEEP

1536:r+YorkUiqu9om9nlrWppjVyZqgoG8G5L+3HSyznFtuYe6P/X6pl:rFqu9P9nlKpppyZDoG8G5+u63Kp

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
04240dc93a80a1c502a916e057abfcb7_JaffaCakes118

Files

04240dc93a80a1c502a916e057abfcb7_JaffaCakes118
.exe windows:5 windows x86 arch:x86

6afba15952d3623b07097fd9fd9e5b5e

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_AGGRESIVE_WS_TRIM
IMAGE_FILE_32BIT_MACHINE

Imports

msvcrt

__setusermatherr
_initterm
__getmainargs
__initenv
exit
_adjust_fdiv
_XcptFilter
_exit
_c_exit
_stricmp
_wcsnicmp
wcscat
__p__commode
__p__fmode
__set_app_type
_except_handler3
_controlfp
_cexit
wcsrchr
wcslen
wcscpy

advapi32

SetServiceStatus
RegOpenKeyExW
RegQueryValueExW
RegCloseKey
AllocateAndInitializeSid
FreeSid
InitializeSecurityDescriptor
SetSecurityDescriptorOwner
SetSecurityDescriptorGroup
GetLengthSid
InitializeAcl
AddAccessAllowedAce
AddAccessDeniedAce
GetAce
SetSecurityDescriptorDacl
GetSecurityDescriptorLength
MakeSelfRelativeSD
RegisterServiceCtrlHandlerExW
StartServiceCtrlDispatcherW

kernel32

LeaveCriticalSection
EnterCriticalSection
SetLastError
OpenProcess
InterlockedIncrement
GetLastError
InterlockedDecrement
GetProcAddress
GetSystemDirectoryW
GetModuleHandleW
GetModuleHandleA
InitializeCriticalSection
SetEvent
RaiseException
LocalAlloc
FreeLibrary
InterlockedExchange
LocalFree
LoadLibraryA
ExitThread
CloseHandle
WaitForSingleObject
CreateEventW
CreateThread
ExitProcess
Sleep
OpenEventW

gdi32

GdiInitSpool
bMakePathNameW
GdiGetSpoolMessage

rpcrt4

RpcRevertToSelf
NdrServerCall2
RpcServerUseProtseqEpA
RpcServerRegisterIf2
I_RpcSsDontSerializeContext
RpcMgmtSetServerStackSize
RpcServerListen
RpcImpersonateClient

ntdll

RtlValidRelativeSecurityDescriptor

Exports

Exports

YDriverUnloadComplete
YEndDocPrinter
YFlushPrinter
YGetPrinterDriver2
YGetPrinterDriverDirectory
YReadPrinter
YSeekPrinter
YSetJob
YSetPort
YSplReadPrinter
YWritePrinter

Sections

.text
Size: 40KB - Virtual size: 40KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 78KB - Virtual size: 99KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

6afba15952d3623b07097fd9fd9e5b5e

Headers

DLL Characteristics

File Characteristics

Imports

msvcrt

advapi32

kernel32

gdi32

rpcrt4

ntdll

Exports

Exports

Sections

.text Size: 40KB - Virtual size: 40KB

.data Size: 5KB - Virtual size: 4KB

.rsrc Size: 78KB - Virtual size: 99KB

.text
Size: 40KB - Virtual size: 40KB

.data
Size: 5KB - Virtual size: 4KB

.rsrc
Size: 78KB - Virtual size: 99KB