Static task
static1
Behavioral task
behavioral1
Sample
05b57d4dd85bb0164731f264891e4b69_JaffaCakes118.exe
Resource
win7-20240903-en
Behavioral task
behavioral2
Sample
05b57d4dd85bb0164731f264891e4b69_JaffaCakes118.exe
Resource
win10v2004-20240802-en
General
Target
05b57d4dd85bb0164731f264891e4b69_JaffaCakes118
Size
168KB
MD5
05b57d4dd85bb0164731f264891e4b69
SHA1
d6e56dcc99576e804591711a64d7a3eaa8352963
SHA256
a80cc31522bb40f277a282f1e8dca1e20c802c19085146f8950ed1b0eb22776e
SHA512
b33cdf037fdae5dcbec1b7cfecda8744b15719ae3553ddbe3d744ade24df651c3f4672b80fbfd8eeb9fd2f36a300b4be5c4afec422824cceb2b566adcbee362d
SSDEEP
3072:pyCaze4C32YdQWTU8OF+LT6e2w20Wo96fNOYwxlHR3tk0oeMPvrHImoWDsTM:d+e4CPXOF+/jYGINkxlFtAXXromY
Signatures
Unsigned PE (1 IoC)
Checks for missing Authenticode signature.
resource 05b57d4dd85bb0164731f264891e4b69_JaffaCakes118
Files
05b57d4dd85bb0164731f264891e4b69_JaffaCakes118.exe windows:4 windows x86 arch:x86
0e2c5544fde14a7f7b2e4c1309187e48
Headers
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
Imports
kernel32
TlsSetValue
CompareStringA
DeleteFileW
GetFileSize
FindCloseChangeNotification
GlobalFree
Sleep
FormatMessageA
GetCPInfo
SetEvent
VirtualFree
SetEnvironmentVariableA
HeapReAlloc
GetThreadLocale
MultiByteToWideChar
SetEndOfFile
InterlockedExchange
WriteFile
CreateEventW
SetLastError
GetLocaleInfoA
GetFileType
CloseHandle
FindClose
lstrlenA
TlsAlloc
FreeLibrary
RegisterWaitForSingleObject
RaiseException
HeapCreate
SetFilePointerEx
CreateFileW
GetOEMCP
FormatMessageW
WaitForSingleObject
SleepEx
InitializeCriticalSection
InterlockedIncrement
GetLocalTime
IsDebuggerPresent
CompareStringW
GetFileSizeEx
GlobalAlloc
InterlockedCompareExchange
LockResource
UnhandledExceptionFilter
GlobalUnlock
InterlockedDecrement
WaitForSingleObjectEx
CreateFileA
InterlockedExchangeAdd
InitializeCriticalSectionAndSpinCount
FlushFileBuffers
LocalAlloc
LocalFree
ResetEvent
TryEnterCriticalSection
SetFilePointer
ReadFileEx
GetStdHandle
GetModuleFileNameW
CreateThread
GetVersionExW
TlsGetValue
GetVersionExA
GetSystemTime
ReadFile
SetUnhandledExceptionFilter
ReleaseMutex
FreeEnvironmentStringsA
TerminateProcess
GetModuleHandleA
CreateEventA
VirtualAlloc
GetStringTypeA
LCMapStringW
GetStartupInfoA
GetCommandLineA
GetVersion
ExitProcess
GetCurrentProcess
GetModuleFileNameA
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStrings
GetEnvironmentStringsW
SetHandleCount
DeleteCriticalSection
GetCurrentThreadId
TlsFree
GetLastError
GetCurrentThread
HeapDestroy
HeapFree
RtlUnwind
EnterCriticalSection
LeaveCriticalSection
FatalAppExitA
GetACP
HeapAlloc
IsBadWritePtr
GetProcAddress
LoadLibraryA
LCMapStringA
GetStringTypeW
advapi32
LookupAccountSidA
RegCreateKeyW
IsValidSid
RegOpenKeyExA
RegDeleteKeyA
GetTokenInformation
GetSecurityDescriptorDacl
QueryServiceStatus
OpenThreadToken
RegCloseKey
CheckTokenMembership
RegQueryValueExA
RegOpenKeyExW
RegCreateKeyExA
AllocateAndInitializeSid
GetSidIdentifierAuthority
SetSecurityDescriptorDacl
msi
ord194
Sections
.text Size: 20KB - Virtual size: 16KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 8KB - Virtual size: 4KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 132KB - Virtual size: 237KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 4KB - Virtual size: 2KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ