0df38a4f025226bc2e493ca1199e22ed_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

0df38a4f025226bc2e493ca1199e22ed_JaffaCakes118
Size

204KB
MD5

0df38a4f025226bc2e493ca1199e22ed
SHA1

8fe484a4f25555395c0fde3aec81933eecf757b1
SHA256

ee74e0372241c49e175c9a2db5fa204c9dce77f02d1aa7b699b4fe746347d325
SHA512

ebf2829aa4d32d6842141c43db3c2d0b6f1409ba2a7be7e061a5f0f10906dec9d7894bbc7b28550966d2d24cd3f6c5507e9a8f048c3af9146a20a8a9634da5df
SSDEEP

3072:0kVlhJiZYoasNszdt6wrhIbaaq1e/z4QATqwJfUhw7FwQ27R7uxtkqLLWF4FQ:JlWGuNsdtjhIFye/z4MUC3ykcWSQ

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
0df38a4f025226bc2e493ca1199e22ed_JaffaCakes118

Files

0df38a4f025226bc2e493ca1199e22ed_JaffaCakes118
.exe windows:5 windows x86 arch:x86

9a867ea8fd8cd9b230e73fedaf2c638c

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

version

VerQueryValueW
GetFileVersionInfoA

msvcrt

ctime
wcstol
_ftol
_amsg_exit
swprintf
_strlwr
strncmp
fputc
wcstok
_acmdln
_purecall
isdigit
isspace
exit
isxdigit
__p__fmode

advapi32

EqualSid
LookupAccountSidW
UnlockServiceDatabase
ChangeServiceConfigA
OpenProcessToken
SetSecurityDescriptorDacl
RegOpenKeyW
LookupPrivilegeValueA
RegSetValueExA
OpenServiceA
OpenSCManagerW
RegCreateKeyW
RegQueryValueExW
RegEnumValueW
RegCreateKeyExW
FreeSid
QueryServiceStatus
RegSetValueExW
RegDeleteKeyA
CloseServiceHandle
InitializeSecurityDescriptor
SetServiceStatus
OpenSCManagerA
EnumServicesStatusExA
RegCreateKeyExA
RegOpenKeyExA
GetTokenInformation
RegQueryInfoKeyA
RegFlushKey
RegisterServiceCtrlHandlerA

gdi32

SelectClipRgn
GetPixel
SetPaletteEntries
CreateBitmapIndirect
EnumFontFamiliesExW
MoveToEx
SetViewportOrgEx
GetDIBits
ExcludeClipRect
CombineRgn
SetEnhMetaFileBits
GetWindowExtEx
GetTextExtentPointA
LineTo
GetDeviceCaps
CreateBrushIndirect
ExtFloodFill
CreateEllipticRgn
GetBrushOrgEx
GetWindowOrgEx
DeleteEnhMetaFile
Arc

kernel32

CopyFileA
GetVersionExA
FindResourceExW
TerminateProcess
IsDebuggerPresent
SetEndOfFile
GlobalReAlloc
GetTickCount
SetFileAttributesA
CreateEventW
GetWindowsDirectoryA
GetCurrentThread
DeleteCriticalSection
TlsSetValue
GetModuleFileNameA
CreateDirectoryW
ExitProcess
lstrcmpA
SuspendThread
VirtualAlloc
CreateProcessA

Sections

.text
Size: 102KB - Virtual size: 103KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.kdata
Size: 44KB - Virtual size: 434KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 40KB - Virtual size: 53KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 15KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

9a867ea8fd8cd9b230e73fedaf2c638c

Headers

DLL Characteristics

File Characteristics

Imports

version

msvcrt

advapi32

gdi32

kernel32

Sections

.text Size: 102KB - Virtual size: 103KB

.data Size: 2KB - Virtual size: 1KB

.kdata Size: 44KB - Virtual size: 434KB

.rdata Size: 40KB - Virtual size: 53KB

.rsrc Size: 15KB - Virtual size: 15KB

.text
Size: 102KB - Virtual size: 103KB

.data
Size: 2KB - Virtual size: 1KB

.kdata
Size: 44KB - Virtual size: 434KB

.rdata
Size: 40KB - Virtual size: 53KB

.rsrc
Size: 15KB - Virtual size: 15KB