Static task: static1
Behavioral task: behavioral1
Sample: 13d448e652cb6ce4ae4bec3cd63cedab_JaffaCakes118.exe
Resource: win7-20240903-en
Behavioral task: behavioral2
Sample: 13d448e652cb6ce4ae4bec3cd63cedab_JaffaCakes118.exe
Resource: win10v2004-20240802-en
General
Target: 13d448e652cb6ce4ae4bec3cd63cedab_JaffaCakes118
Size: 273KB
MD5: 13d448e652cb6ce4ae4bec3cd63cedab
SHA1: 7d9be44c0c26b48ed8993fb6dcc35e5f97d574ff
SHA256: f3008beb4453c3ce6888c72ac81c6ad21e9914c60fcc2636f82cca7ff5cbf3d4
SHA512: 513cf8204b015726584c18c32467e16ee1962ae63dfd0cd2f84ac6091a4fd7d705a782a65115e804a77d3ed866fc93cfec430d701a26d5d4dfb7b8f9f12c8a1c
SSDEEP: 3072:rVJbn8hEX/UHnZZR3IR6Y9EkxqynW3v58MWtmNEkHrcKJGdC82Bfibr57SVQnm12:rnDipC6XWqh3ohgrjeP8fOhnJ
Signatures
Unsigned PE (1 IoC): Checks for missing Authenticode signature.
resource: 13d448e652cb6ce4ae4bec3cd63cedab_JaffaCakes118
Files
13d448e652cb6ce4ae4bec3cd63cedab_JaffaCakes118.exe windows:4 windows x86 arch:x86
4e41480590c5674cba8d88a34a979ce3
Headers
File Characteristics: IMAGE_FILE_EXECUTABLE_IMAGE, IMAGE_FILE_LINE_NUMS_STRIPPED, IMAGE_FILE_LOCAL_SYMS_STRIPPED, IMAGE_FILE_32BIT_MACHINE
Imports
advapi32: RegQueryValueExA, OpenServiceW, OpenServiceA, CryptAcquireContextA, RegDeleteKeyA, QueryServiceStatus, RegOpenKeyExA, RegCloseKey, QueryServiceStatusEx, OpenSCManagerA, CryptReleaseContext, ControlService, CloseServiceHandle, StartServiceA, CryptGenRandom
oleaut32: VariantTimeToSystemTime, VarUdateFromDate, SystemTimeToVariantTime
rpcrt4: RpcStringFreeA, UuidToStringA, UuidCreate
kernel32: CreateEventA, HeapDestroy, GetCurrentThreadId, RaiseException, EnterCriticalSection, ResumeThread, CreateSemaphoreA, TlsSetValue, HeapReAlloc, LeaveCriticalSection, ReleaseSemaphore, SizeofResource, FindCloseChangeNotification, LocalAlloc, WaitForSingleObject, WideCharToMultiByte, FormatMessageA, FindClose, HeapAlloc, LocalFree, FindNextFileA, MapViewOfFile, CreateThread, WaitForMultipleObjects, GetProcessHeap, FindFirstFileA, FindResourceA, FindNextChangeNotification, HeapFree, CreateDirectoryA, HeapSize, CreateFileMappingA, FindResourceExA, GetSystemTime, CloseHandle, DeleteFileA, GetACP, TlsGetValue, LoadResource, RemoveDirectoryA, FindFirstChangeNotificationA, OpenProcess, GetSystemTimeAsFileTime, UnmapViewOfFile, LockResource, GetThreadLocale, OpenFileMappingA, ReleaseMutex, CreateMutexA, lstrlenA, DeleteCriticalSection, VirtualAllocEx, lstrcmpA
shlwapi: PathIsURLA, PathIsUNCA
user32: wsprintfA
ole32: OleRun, CLSIDFromProgID, CoCreateInstance, CLSIDFromString
security: ExportSecurityContext, QueryCredentialsAttributesA, AcquireCredentialsHandleW, ApplyControlToken
licmgr10: DllGetClassObject, DllUnregisterServer
Sections
.text Size: 20KB - Virtual size: 19KB - Flags: IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
.rdata Size: 3KB - Virtual size: 2KB - Flags: IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.data Size: 240KB - Virtual size: 242KB - Flags: IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.rsrc Size: 9KB - Virtual size: 9KB - Flags: IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ