14dfd2ff7728c4bb110b269f9d3b3ec8_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

14dfd2ff7728c4bb110b269f9d3b3ec8_JaffaCakes118
Size

317KB
MD5

14dfd2ff7728c4bb110b269f9d3b3ec8
SHA1

5e4de3f436bcbce1dc994e2b03340415c037e126
SHA256

09967d2e202f76f46c1c1fc6f7b81d9eea15135cbe1d76f15fa0f227c2176cd0
SHA512

97fe2c9dd8d8718b6bea1e7579af65591e7058b11d1904c76d4151fe9c38b9e7be9db597fdafdeaa1a86701783b765b42edc5dd6c30dc49318f7989fc6779d0b
SSDEEP

6144:Fa5HFq14l2wUpj1NoTc3aeZ4U3fZmTfZONiNuwWxlFNWwUdvPdG0amx:8zPUpBzKo4UhmTxO2w4NG0b

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
14dfd2ff7728c4bb110b269f9d3b3ec8_JaffaCakes118

Files

14dfd2ff7728c4bb110b269f9d3b3ec8_JaffaCakes118
.exe windows:5 windows x86 arch:x86

00a3e137787e5cda3627e2f0a868481d

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

tapi32

lineOpen
lineGetID
lineShutdown
lineClose
lineInitializeExW
lineNegotiateAPIVersion
lineGetDevCapsW

setupapi

SetupGetSourceInfoA
SetupCloseInfFile
SetupDiSetClassInstallParamsA
SetupDiCallClassInstaller
SetupDiOpenDevRegKey
SetupPromptForDiskA
SetupDiDestroyDeviceInfoList
SetupOpenMasterInf
SetupDiCreateDeviceInfoList
SetupDiGetDeviceInstanceIdW
SetupDiEnumDeviceInfo
SetupGetSourceFileLocationA
SetupDiGetClassDevsW

ntdll

LdrGetDllHandle
RtlUshortByteSwap
NtAllocateVirtualMemory

user32

wsprintfA

advapi32

RegEnumKeyA
RegSetValueExA
OpenSCManagerA
RegQueryValueExA
RegOpenKeyA
ChangeServiceConfigA
RegOpenKeyExA
QueryServiceStatus
StartServiceA
RegQueryValueExW
RegOpenKeyW
OpenServiceA
CloseServiceHandle
RegCloseKey

ole32

CoUninitialize
CoCreateInstance
CoInitializeEx

kernel32

ExitProcess
GetSystemInfo
WideCharToMultiByte
MultiByteToWideChar
lstrcmpA
VirtualProtect
LoadLibraryW
GetTickCount
lstrlenW
GetStringTypeA
VirtualFree
VirtualQuery
GlobalAlloc
GlobalFree
GetCPInfo
LCMapStringW
GetTempFileNameW
CreateDirectoryW
GetProcessHeap
VirtualAlloc
lstrlenA
GetLocaleInfoA
Sleep
GetTempPathW
HeapReAlloc
HeapAlloc
CreateFileA
FormatMessageA
lstrcmpiA
FreeLibrary
lstrcpyA
LCMapStringA
GetLastError
GetProcAddress
DeleteFileW
CloseHandle
GetVersionExA
lstrcmpiW
HeapFree
WriteFile
LoadLibraryA
GetStringTypeW

Sections

.text
Size: 15KB - Virtual size: 15KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 287KB - Virtual size: 286KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rdata
Size: 9KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 3KB - Virtual size: 1.4MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

00a3e137787e5cda3627e2f0a868481d

Headers

DLL Characteristics

File Characteristics

Imports

tapi32

setupapi

ntdll

user32

advapi32

ole32

kernel32

Sections

.text Size: 15KB - Virtual size: 15KB

.rsrc Size: 287KB - Virtual size: 286KB

.rdata Size: 9KB - Virtual size: 9KB

.data Size: 3KB - Virtual size: 1.4MB

.tls Size: 512B - Virtual size: 4KB

.text
Size: 15KB - Virtual size: 15KB

.rsrc
Size: 287KB - Virtual size: 286KB

.rdata
Size: 9KB - Virtual size: 9KB

.data
Size: 3KB - Virtual size: 1.4MB

.tls
Size: 512B - Virtual size: 4KB