112ad448f26525e5023e7ca3c01fdd87_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

112ad448f26525e5023e7ca3c01fdd87_JaffaCakes118
Size

324KB
MD5

112ad448f26525e5023e7ca3c01fdd87
SHA1

d81a64c516c4ae8dff3ce99472471179c1f4cfbc
SHA256

0237a1f8437d758198fafc9fee69d4e80654330c252452aee7d096c8af2fc42b
SHA512

aa24b8d9029c61de34d41aeaaa0bd131a854e12a39702cba79dd1515050744442c25397f5ec2c2cb31abd1963e7895711a6fe8ae220aaa3250c5a2c7c958911a
SSDEEP

6144:kyDn3rTmE3+NEc2aIS5yS/ZtYPjSVpzXDCHl8jdfyNB+AWCBh9j:kybfvXaIS1ta6zXmHwmP

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
112ad448f26525e5023e7ca3c01fdd87_JaffaCakes118

Files

112ad448f26525e5023e7ca3c01fdd87_JaffaCakes118
.exe windows:5 windows x86 arch:x86

000827f9f10d857d564d16e3e37d6270

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

advapi32

StartServiceA
RegEnumKeyA
OpenServiceA
RegSetValueExA
ChangeServiceConfigA
OpenSCManagerA
RegQueryValueExW
RegOpenKeyExA
QueryServiceStatus
RegOpenKeyW
RegQueryValueExA
CloseServiceHandle
RegCloseKey
RegOpenKeyA

tapi32

lineInitializeExW
lineClose
lineShutdown
lineOpen
lineNegotiateAPIVersion
lineGetDevCapsW
lineGetID

setupapi

SetupDiSetClassInstallParamsA
SetupDiDestroyDeviceInfoList
SetupDiCallClassInstaller
SetupDiEnumDeviceInfo
SetupCloseInfFile
SetupGetSourceInfoA
SetupDiGetDeviceInstanceIdW
SetupOpenMasterInf
SetupDiGetClassDevsW
SetupDiCreateDeviceInfoList
SetupPromptForDiskA
SetupGetSourceFileLocationA
SetupDiOpenDevRegKey

ole32

CoUninitialize
CoInitializeEx
CoCreateInstance

kernel32

DeleteFileW
GetLastError
HeapAlloc
LCMapStringA
VirtualProtect
GetShortPathNameW
GetModuleHandleA
WideCharToMultiByte
GetCPInfo
GetVersionExA
CloseHandle
lstrlenA
GetStringTypeA
GetProcAddress
MultiByteToWideChar
HeapFree
FreeLibrary
GlobalAlloc
GetStringTypeW
GetTickCount
GetTempPathW
ExitProcess
LoadLibraryA
GlobalFree
lstrcmpiW
VirtualAlloc
lstrcmpA
lstrcpyA
LoadLibraryW
GetSystemInfo
WriteFile
VirtualQuery
FormatMessageA
lstrlenW
GetTempFileNameW
LCMapStringW
CreateDirectoryW
CreateFileA
Sleep
GetProcessHeap
VirtualFree
HeapReAlloc

ntdll

NtAllocateVirtualMemory
RtlUshortByteSwap
NtCreateDebugObject

user32

wsprintfA

Sections

.text
Size: 15KB - Virtual size: 15KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 294KB - Virtual size: 294KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rdata
Size: 9KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 3KB - Virtual size: 1.4MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

000827f9f10d857d564d16e3e37d6270

Headers

DLL Characteristics

File Characteristics

Imports

advapi32

tapi32

setupapi

ole32

kernel32

ntdll

user32

Sections

.text Size: 15KB - Virtual size: 15KB

.rsrc Size: 294KB - Virtual size: 294KB

.rdata Size: 9KB - Virtual size: 9KB

.data Size: 3KB - Virtual size: 1.4MB

.tls Size: 512B - Virtual size: 4KB

.text
Size: 15KB - Virtual size: 15KB

.rsrc
Size: 294KB - Virtual size: 294KB

.rdata
Size: 9KB - Virtual size: 9KB

.data
Size: 3KB - Virtual size: 1.4MB

.tls
Size: 512B - Virtual size: 4KB