135b56c394b976f6367b649cbb43e0e8_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

135b56c394b976f6367b649cbb43e0e8_JaffaCakes118
Size

191KB
MD5

135b56c394b976f6367b649cbb43e0e8
SHA1

2668d0149d9931a2e60ded19c3b5ac7167211e83
SHA256

063064245ff8523a83b3362a107dce37775836a7484a2f12c5d0f2206a5b571d
SHA512

148333efcdf4ef3a1e3a090606ab6e4837d74dad156563d8e53ebee6db0bc1402a26a78058deecf550a127169665f3499da9c061e2e0cf72df0aab343526598c
SSDEEP

3072:AvG6M2PXDgPXNYO0qQU2Bt5VUHERVgZHfhLhfPppSLOrtxRv93yGVbUR:ABdPzV20VUHEHg5fhBPppt13hb

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
135b56c394b976f6367b649cbb43e0e8_JaffaCakes118

Files

135b56c394b976f6367b649cbb43e0e8_JaffaCakes118
.exe windows:1 windows x86 arch:x86

238e1ce869481b7f560752d63f0bf443

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

msvcrt

_exit
exit
?terminate@@YAXXZ
_mbsstr
__p__fmode
_mbscmp
_controlfp
strchr
_adjust_fdiv
_ismbblead
_mbschr
_acmdln
_amsg_exit
malloc
memmove
strtok
memcpy
_initterm
__set_app_type
_cexit
strstr
_getcwd
_mbsupr
_XcptFilter
__setusermatherr
_mbsicmp
__p__commode
memset
__getmainargs
_access
_mbsinc

setupapi

SetupDiGetDeviceRegistryPropertyA
SetupDiOpenDevRegKey
SetupDiGetClassDevsA
SetupDiCallClassInstaller
SetupDiEnumDeviceInfo
SetupDiDeleteDeviceInfo

user32

MessageBoxA
LoadStringA
wsprintfA
ExitWindowsEx
FindWindowA
LoadIconA
SendMessageA

kernel32

SetFileAttributesA
lstrcatA
GetLastError
GetCurrentProcess
QueryPerformanceCounter
MoveFileExA
InterlockedCompareExchange
SetEndOfFile
CreateFileMappingA
InterlockedExchange
GlobalAlloc
GetStartupInfoA
GetWindowsDirectoryA
CloseHandle
CreateFileW
GetTickCount
GetShortPathNameA
SetUnhandledExceptionFilter
FindFirstFileA
WaitForSingleObject
MapViewOfFile
VirtualProtect
GetVersionExA
GetFileSize
UnmapViewOfFile
LoadLibraryA
GlobalFree
CreateProcessA
lstrlenA
GetFileType
GetSystemTimeAsFileTime
RemoveDirectoryA
FreeLibrary
UnhandledExceptionFilter
TerminateProcess
lstrcpyA
SetFilePointer
FindClose
GetProcAddress
GetCurrentProcessId
Sleep
DeleteFileA
FindNextFileA
GetPrivateProfileStringA
GetModuleHandleA
CreateFileA
GetCommandLineA
CreateDirectoryA
GetCurrentThreadId
GetSystemDirectoryA
GetExitCodeProcess
lstrcpynA

advapi32

RegDeleteKeyA
OpenProcessToken
RegQueryValueExA
AllocateAndInitializeSid
OpenServiceA
RegSetValueExA
AdjustTokenPrivileges
RegEnumKeyExA
RegOpenKeyExA
LookupPrivilegeValueA
OpenSCManagerA
RegCloseKey
GetTokenInformation
EqualSid
ControlService
DeleteService
RegDeleteValueA
CloseServiceHandle
FreeSid

ntdll

RtlUnwind

Sections

.text
Size: 83KB - Virtual size: 83KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 3KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 100KB - Virtual size: 1.1MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

238e1ce869481b7f560752d63f0bf443

Headers

File Characteristics

Imports

msvcrt

setupapi

user32

kernel32

advapi32

ntdll

Sections

.text Size: 83KB - Virtual size: 83KB

.rdata Size: 3KB - Virtual size: 16KB

.data Size: 100KB - Virtual size: 1.1MB

.rsrc Size: 3KB - Virtual size: 2KB

.text
Size: 83KB - Virtual size: 83KB

.rdata
Size: 3KB - Virtual size: 16KB

.data
Size: 100KB - Virtual size: 1.1MB

.rsrc
Size: 3KB - Virtual size: 2KB