11c07d01f5d78b0a6c34e04841e70283_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

11c07d01f5d78b0a6c34e04841e70283_JaffaCakes118
Size

32KB
MD5

11c07d01f5d78b0a6c34e04841e70283
SHA1

09c8c1118911b7ee5b9fdc5770c8ed1cf6cde56a
SHA256

59e763d49b10e9eb7007bff068fc8518873bafb1ef98dac8d81b5ff16aaf725a
SHA512

20e8219df8f244dd34a3dfdcdca25e2610691eb42c0d00442785c32cd6f4969404fea79e5ea91082bb54e247e1dd1519674144c66a827c6135e0b3189c69faec
SSDEEP

768:Ai6joY7MNTqsrKTzgZIpnoNrxZBjfG5ru9AGNWR9:Ai3Y76KTzgZenylBA3R9

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
11c07d01f5d78b0a6c34e04841e70283_JaffaCakes118

Files

11c07d01f5d78b0a6c34e04841e70283_JaffaCakes118
.exe windows:4 windows x86 arch:x86

6524ec12130467f83311cb55dfdcd6b1

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

advapi32

RegOpenKeyA
RegDeleteValueA
QueryServiceStatus
RegCloseKey
GetSidIdentifierAuthority
GetLengthSid
GetSecurityInfo
EqualSid
AddAccessAllowedAce
OpenSCManagerA
GetTokenInformation
LookupAccountNameA
FreeSid
ControlService
OpenProcessToken
AdjustTokenPrivileges
OpenServiceA
RegSetValueExA
IsValidSid
LookupAccountSidA
LookupPrivilegeValueW
LookupPrivilegeValueA

ole32

CoCreateFreeThreadedMarshaler
OleRegGetUserType
CoInitialize
CoIsHandlerConnected
CoGetStdMarshalEx
OleNoteObjectVisible
CoRegisterMessageFilter
CoFreeUnusedLibraries
OleCreateMenuDescriptor
OleCreateFromData
CoGetStandardMarshal
OleFlushClipboard
OleRegEnumFormatEtc
OleGetClipboard
OleTranslateAccelerator
CoAddRefServerProcess
OleCreateLink
OleQueryCreateFromData
OleLoadFromStream
OleSetClipboard
CoMarshalHresult
CoUnmarshalInterface

msvcrt

_splitpath
_strlwr
_wfullpath
_strnicmp
wcschr
wcscpy
strncpy
_strcmpi
strncat
_snprintf
_beginthread
_controlfp
_pctype
__mb_cur_max
_waccess
__getmainargs
fclose
fgets
fopen
exit
iswctype
_wfopen
_itoa

kernel32

GetStartupInfoA
InterlockedDecrement
OpenProcess
TlsGetValue
VirtualFree
SetUnhandledExceptionFilter
TerminateThread
GetEnvironmentVariableA
TlsAlloc
VirtualQueryEx
HeapCreate
GetDriveTypeA
GetFileTime
TlsFree
ResumeThread
GetCurrentDirectoryA
OutputDebugStringA
GetTimeFormatA
UnhandledExceptionFilter
HeapFree
FindClose
GetProcessHeap
InterlockedIncrement
CloseHandle
WaitForSingleObject
GetCurrentThread
FatalAppExitA
lstrcatA
CreateFileMappingA
lstrlenW
QueryPerformanceCounter
RtlUnwind
WideCharToMultiByte
lstrcpyA
GetVersion

gdi32

GetBkColor
BitBlt
GetTextExtentPoint32A
CreatePen
StartPage
CreateCompatibleDC
SelectClipRgn
DeleteObject
GetObjectA

Sections

.text
Size: 26KB - Virtual size: 26KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 944B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 332B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

6524ec12130467f83311cb55dfdcd6b1

Headers

File Characteristics

Imports

advapi32

ole32

msvcrt

kernel32

gdi32

Sections

.text Size: 26KB - Virtual size: 26KB

.data Size: 3KB - Virtual size: 3KB

.rsrc Size: 1024B - Virtual size: 944B

.reloc Size: 512B - Virtual size: 332B

.text
Size: 26KB - Virtual size: 26KB

.data
Size: 3KB - Virtual size: 3KB

.rsrc
Size: 1024B - Virtual size: 944B

.reloc
Size: 512B - Virtual size: 332B