14e4a5f121a24cbc2584346e16264c30_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

14e4a5f121a24cbc2584346e16264c30_JaffaCakes118
Size

128KB
MD5

14e4a5f121a24cbc2584346e16264c30
SHA1

4d61be32e14cdd58914d946f24816eb90abfe81a
SHA256

34348be104f9f106b08bc19ccf66a8da16c6ed490afcad868015cf0e9bccb18d
SHA512

8d37fbf09772e3de2c43082771f58bf211369b778b1fc345c745aa6cdf94efaf2998c6944791fa1373716c7da86dc8a15c53244fb5e316db7467f468c0876713
SSDEEP

3072:ML+6jJBsvxE5+se4dIxp8qipKGNLgVKeJxon4X:e3osnKp6pHNLTb

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
14e4a5f121a24cbc2584346e16264c30_JaffaCakes118

Files

14e4a5f121a24cbc2584346e16264c30_JaffaCakes118
.exe windows:4 windows x86 arch:x86

60f406b8431f3ab9c6da1399fc7f8d94

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

CloseHandle
WaitForSingleObject
GetPrivateProfileSectionA
GetProcAddress
CreateProcessA
SetCurrentDirectoryA
GetCurrentThread
GetShortPathNameA
Sleep
FindNextFileA
LocalFree
ReadFile
CreateFileA
GetSystemDefaultLangID
WideCharToMultiByte
LoadResource
FindResourceExA
LockResource
lstrcmpA
LocalAlloc
FindClose
FormatMessageA
lstrlenA
GetSystemDirectoryA
FindFirstFileA
GetCurrentProcess
CopyFileA
SetFileAttributesA
GetPrivateProfileStringA
CreateMutexA
GetLastError
GetCurrentDirectoryA
OutputDebugStringA
LoadLibraryA
CreateDirectoryA
GetWindowsDirectoryA
GetVersionExA
HeapSize
HeapAlloc
GetFullPathNameA
HeapReAlloc
FileTimeToLocalFileTime
FileTimeToSystemTime
GetDriveTypeA
SetStdHandle
FlushFileBuffers
LCMapStringW
FreeLibrary
SetFilePointer
LCMapStringA
GetStringTypeW
GetStringTypeA
MultiByteToWideChar
IsBadCodePtr
IsBadReadPtr
IsBadWritePtr
SetEnvironmentVariableA
CompareStringW
CompareStringA
GetTimeZoneInformation
GetCPInfo
VirtualFree
HeapCreate
RtlUnwind
RaiseException
ExitProcess
TerminateProcess
GetModuleHandleA
GetStartupInfoA
GetCommandLineA
GetVersion
HeapFree
SetUnhandledExceptionFilter
WriteFile
VirtualAlloc
HeapDestroy
FreeEnvironmentStringsW
GetACP
GetOEMCP
UnhandledExceptionFilter
GetModuleFileNameA
FreeEnvironmentStringsA
GetEnvironmentStrings
GetEnvironmentStringsW
SetHandleCount
GetStdHandle
GetFileType
GetEnvironmentVariableA

user32

MessageBoxA
ExitWindowsEx
DestroyWindow
KillTimer
EnableWindow
SetDlgItemTextA
wsprintfA
CreateDialogParamA
GetDlgItem
FindWindowA
SendMessageA
GetMessageA
DispatchMessageA
TranslateMessage
ShowWindow
SetTimer
SetFocus
CreateDialogIndirectParamA

advapi32

RegCreateKeyExA
RegQueryValueExA
RegOpenKeyExA
RegCloseKey
AdjustTokenPrivileges
LookupPrivilegeValueA
RegOpenKeyA
RegSetValueExA
RegCreateKeyA
OpenProcessToken
FreeSid
EqualSid
RegEnumKeyExA
GetTokenInformation
OpenThreadToken
AllocateAndInitializeSid
RegDeleteKeyA

version

GetFileVersionInfoSizeA
GetFileVersionInfoA
VerQueryValueA

netinst

?DllGetClassFactoryObject@@YAJPAPAVIDriverInstallInterfaceFactory@@@Z
?DllGetClassFactoryObject@@YAJPAPAVISysProberInterfaceFactory@@@Z

Sections

.text
Size: 92KB - Virtual size: 88KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 12KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 16KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 36KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

60f406b8431f3ab9c6da1399fc7f8d94

Headers

File Characteristics

Imports

kernel32

user32

advapi32

version

netinst

Sections

.text Size: 92KB - Virtual size: 88KB

.rdata Size: 12KB - Virtual size: 8KB

.data Size: 16KB - Virtual size: 20KB

.rsrc Size: 4KB - Virtual size: 36KB

.text
Size: 92KB - Virtual size: 88KB

.rdata
Size: 12KB - Virtual size: 8KB

.data
Size: 16KB - Virtual size: 20KB

.rsrc
Size: 4KB - Virtual size: 36KB