10a508197bfb3ad944457c43b09fd5b6_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

10a508197bfb3ad944457c43b09fd5b6_JaffaCakes118
Size

156KB
MD5

10a508197bfb3ad944457c43b09fd5b6
SHA1

c30dccbb93f17e8441c272cafb3f3d4acf87f76c
SHA256

df8dc46220791c9985c57275716faad07e210c77d50586ab1795840ad3f2360f
SHA512

19a8be9e15cc8eb0b3127e33ef044c8f6ee2f8e005eb0dfcad7cbc48b599b14a275fc116d17fbf2871b89213d811308639fac7418c436a5784d38466f71da61a
SSDEEP

3072:q2GAU4Nmpai3IcW8WYC3pFJ5P30LtdgY0AeJ8P3VrHEm2lA2M+FsS+1mnv:qzMe3urP5F/sRjiVsS2S

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
10a508197bfb3ad944457c43b09fd5b6_JaffaCakes118

Files

10a508197bfb3ad944457c43b09fd5b6_JaffaCakes118
.exe windows:4 windows x86 arch:x86

7bd631ce20d6c40107dbb1e5ee9836ee

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

CompareStringA
CreateThread
CreateToolhelp32Snapshot
DeviceIoControl
DisableThreadLibraryCalls
ExitThread
FindNextFileA
GetACP
GetCurrentProcess
GetCurrentProcessId
GetModuleHandleA
GetPrivateProfileStructA
GetStdHandle
GetSystemDirectoryA
GetThreadTimes
GetVersion
GetWindowsDirectoryA
GlobalFree
InitializeCriticalSection
IsValidLocale
LCMapStringA
LoadResource
Module32First
MoveFileA
ReadFile
ResumeThread
SetHandleCount
TlsAlloc
UnhandledExceptionFilter
VirtualAlloc
VirtualFree
VirtualQuery
WriteConsoleA
lstrcatA
lstrcmpA

user32

CallNextHookEx
CharNextA
CheckMenuItem
DefWindowProcA
DialogBoxParamA
DrawFocusRect
EqualRect
GetActiveWindow
GetCursorPos
GetDlgCtrlID
GetDlgItem
GetDlgItemTextA
GetMessageA
GetWindowLongA
GetWindowTextA
GetWindowThreadProcessId
IsChild
IsRectEmpty
LoadBitmapA
LoadCursorA
LoadImageA
MessageBoxA
PostQuitMessage
ReleaseCapture
ReleaseDC
SetCursor
SetTimer
SetWindowLongA
SetWindowTextA
ShowWindow
UnhookWindowsHookEx
UnregisterClassA
UpdateWindow
wsprintfA

advapi32

AllocateAndInitializeSid
ChangeServiceConfig2A
ControlService
DeleteService
FreeSid
GetSecurityDescriptorControl
GetUserNameA
LookupAccountSidA
LookupPrivilegeValueA
OpenProcessToken
OpenSCManagerA
OpenServiceA
QueryServiceConfig2A
RegCloseKey
RegCreateKeyExA
RegDeleteValueA
RegFlushKey
RegOpenKeyA
RegOpenKeyExA
RegQueryInfoKeyA
RegQueryValueExA
RegSetValueExA
RegisterServiceCtrlHandlerA
SetServiceStatus
StartServiceA
StartServiceCtrlDispatcherA
UnlockServiceDatabase

Sections

.text
Size: 141KB - Virtual size: 141KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 85KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.bss
Size: - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data1
Size: 7KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 880B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

7bd631ce20d6c40107dbb1e5ee9836ee

Headers

File Characteristics

Imports

kernel32

user32

advapi32

Sections

.text Size: 141KB - Virtual size: 141KB

.data Size: 2KB - Virtual size: 85KB

.bss Size: - Virtual size: 6KB

.data1 Size: 7KB - Virtual size: 6KB

.idata Size: 3KB - Virtual size: 2KB

.rsrc Size: 1024B - Virtual size: 880B

.text
Size: 141KB - Virtual size: 141KB

.data
Size: 2KB - Virtual size: 85KB

.bss
Size: - Virtual size: 6KB

.data1
Size: 7KB - Virtual size: 6KB

.idata
Size: 3KB - Virtual size: 2KB

.rsrc
Size: 1024B - Virtual size: 880B