176236c29d650dc70ff9db8498c34dc5_JaffaCakes118

General

Target

176236c29d650dc70ff9db8498c34dc5_JaffaCakes118
Size

336KB
MD5

176236c29d650dc70ff9db8498c34dc5
SHA1

8695bff7386bc5af7f28b394e400aaf541901f1e
SHA256

b65c0ccb4fd876ef2f8988fca35b817a41a153515d4108cdedd19676e25a3c97
SHA512

8950a0c12eac2dfbca9041951c3ae4408bae2e624b75a34d8b8dcdb7fa07a3e96b6510d54eb91b3d2ac35622d5edbd92e9aca8141b49db8bc3b1fc0819c206a4
SSDEEP

6144:a/sTLoJourIOywdD6Io68c2IPUIaPURe8vawxQU+tmRB4ZEOCa7/IzJZpTE2EYaZ:aE4jIcR6Io68chCURebU/r6yJZG2EYaZ

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
176236c29d650dc70ff9db8498c34dc5_JaffaCakes118

Files

176236c29d650dc70ff9db8498c34dc5_JaffaCakes118
.exe windows:4 windows x86 arch:x86

41949369b71c6e2c99acb7e9a61bb9c3

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

advapi32

RegCloseKey
RegRestoreKeyA
ReportEventA
RegQueryValueExA
RegEnumValueA
RegEnumKeyExA
RegisterEventSourceW
RegNotifyChangeKeyValue

shlwapi

StrCSpnW
StrStrW
PathIsUNCServerShareW
SHRegQueryInfoUSKeyA
PathMatchSpecA
PathAddExtensionA
StrCmpNIA
StrFormatByteSizeA
PathFindNextComponentW

kernel32

GetModuleHandleA
GetStartupInfoA
VirtualAllocEx
SetEvent
ReleaseMutex
ResetEvent
ResumeThread
CreateSemaphoreA
SuspendThread
VerLanguageNameA
GlobalHandle
IsValidCodePage
GlobalAlloc
PulseEvent
GlobalFree
HeapLock
GlobalMemoryStatus
ReleaseSemaphore
OpenMutexA
GetPrivateProfileStringA
GetProcAddress
OpenSemaphoreA

version

GetFileVersionInfoA
VerInstallFileA
VerQueryValueA
VerFindFileA

netapi32

NetFileGetInfo
NetAuditWrite
NetGetAnyDCName
NetAuditClear
NetErrorLogRead
NetAuditRead
NetGroupGetInfo
NetConfigGet
NetErrorLogClear
NetFileClose
NetConnectionEnum
NetGetJoinInformation
NetGroupAddUser
NetConfigGetAll
NetConfigSet

msvcrt

_except_handler3
__set_app_type
__p__fmode
__p__commode
_adjust_fdiv
__setusermatherr
_initterm
__getmainargs
_acmdln
_controlfp
_exit
perror
__mb_cur_max
_isctype
_pctype
_XcptFilter
iswctype
exit

Sections

.text
Size: 14KB - Virtual size: 13KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 312KB - Virtual size: 412KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 6KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

41949369b71c6e2c99acb7e9a61bb9c3

Headers

File Characteristics

Imports

advapi32

shlwapi

kernel32

version

netapi32

msvcrt

Sections

.text Size: 14KB - Virtual size: 13KB

.rdata Size: 2KB - Virtual size: 2KB

.data Size: 312KB - Virtual size: 412KB

.rsrc Size: 6KB - Virtual size: 5KB

.text
Size: 14KB - Virtual size: 13KB

.rdata
Size: 2KB - Virtual size: 2KB

.data
Size: 312KB - Virtual size: 412KB

.rsrc
Size: 6KB - Virtual size: 5KB