c:\With\An\Configuration\Are\Truth.pdb
Static task
static1
Behavioral task
behavioral1
Sample
075243acf7f29f7fd724be7b0f21eac8_JaffaCakes118.exe
Resource
win7-20240903-en
Behavioral task
behavioral2
Sample
075243acf7f29f7fd724be7b0f21eac8_JaffaCakes118.exe
Resource
win10v2004-20240802-en
General
Target
075243acf7f29f7fd724be7b0f21eac8_JaffaCakes118
Size
382KB
MD5
075243acf7f29f7fd724be7b0f21eac8
SHA1
23277e705f7f820b310f5a6c05c7031ca1fd6e13
SHA256
bea0856730f70b9b657b01ce407f3f5875721a4957e64d5d124507803363dc56
SHA512
4da7daed9d004be08dfbaf980e542f1a43f6c2e47d7ef48928eaf625d64b79c95158036ada86fdbdbe89c2629b8843260337e302ea9a05eb949e916dbc62fa9b
SSDEEP
6144:wcg0J05ezuop0SSIxTMLFhubak6IRauS7N6SKl7+pgyn/J92yAQHLaroM:wcgB5ivjILF07A6SKlaHnHv
Malware Config
Signatures
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource 075243acf7f29f7fd724be7b0f21eac8_JaffaCakes118
Files
075243acf7f29f7fd724be7b0f21eac8_JaffaCakes118.exe windows:4 windows x86 arch:x86
6ba04bbfcae3ad8e36003836de039424
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
PDB Paths
Imports
kernel32
MoveFileExA
GetDiskFreeSpaceA
OpenFileMappingA
WaitForMultipleObjects
lstrcpyA
CreateDirectoryA
FindFirstFileA
FindNextFileA
ReadFileEx
WriteFileEx
CreateSemaphoreA
SetEndOfFile
GetFileSize
LocalFree
TerminateProcess
SetUnhandledExceptionFilter
ReadFile
GetCPInfo
GetLocaleInfoA
GetSystemInfo
VirtualProtect
SetStdHandle
LCMapStringW
WideCharToMultiByte
RtlUnwind
VirtualAlloc
Sleep
VirtualFree
HeapCreate
GetCurrentDirectoryA
GetCommandLineW
GetEnvironmentStrings
MultiByteToWideChar
GetModuleFileNameW
GetModuleFileNameA
GetModuleHandleA
ExitProcess
GetVersionExA
UnhandledExceptionFilter
GetSystemTimeAsFileTime
GetTickCount
QueryPerformanceCounter
MoveFileExW
CopyFileW
FreeLibrary
BackupRead
BackupWrite
WriteFile
CreateFileW
SetFilePointer
GetProcessHeap
HeapAlloc
ExpandEnvironmentStringsW
GetCurrentProcess
SetLastError
CloseHandle
DeleteFileW
OutputDebugStringA
ResetEvent
LeaveCriticalSection
GlobalAlloc
GlobalFree
InitializeCriticalSection
DeleteCriticalSection
GetLastError
CompareStringW
GetUserDefaultLangID
GetSystemDefaultLangID
SleepEx
SetThreadPriority
CreateThread
GetExitCodeThread
ExpandEnvironmentStringsA
GetStartupInfoA
OpenSemaphoreA
GetStartupInfoW
CompareStringA
IsBadReadPtr
SetHandleCount
ExitThread
user32
GetAncestor
LoadStringW
IsWindowUnicode
IsCharAlphaA
GetParent
ShowWindow
GetDesktopWindow
GetSystemMetrics
advapi32
MakeSelfRelativeSD
RegOpenKeyA
DeregisterEventSource
AllocateAndInitializeSid
InitializeAcl
AddAccessAllowedAce
RegQueryValueExA
RegSetValueExA
RegDeleteKeyA
RegCreateKeyExA
RegCloseKey
RegOpenKeyExA
GetSecurityDescriptorControl
GetSecurityDescriptorLength
IsValidSecurityDescriptor
AdjustTokenPrivileges
RegOpenKeyExW
RegSetValueExW
OpenProcessToken
LookupPrivilegeValueW
ReportEventA
msvcrt
strncmp
fflush
memmove
fclose
fopen
printf
getchar
atoi
strchr
wcschr
wcslen
free
strcspn
swprintf
sprintf
toupper
fprintf
rpcrt4
RpcStringFreeW
RpcBindingFree
RpcBindingFromStringBindingW
Sections
.text Size: 365KB - Virtual size: 365KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
_TLS Size: 512B - Virtual size: 16B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.data Size: 14KB - Virtual size: 26KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 1024B - Virtual size: 1016B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ