17667b4685ef3d834773432ad87606f8_JaffaCakes118

General

Target

17667b4685ef3d834773432ad87606f8_JaffaCakes118
Size

72KB
MD5

17667b4685ef3d834773432ad87606f8
SHA1

3c152902a96fa427c86f486d830d144884168128
SHA256

019d17011c902a89346a4504438597727912753b7b029d0c0949af3ce4be905a
SHA512

adae8ed66d4850b61b77b6c9d6aadc684f1a82674cd99ca75c0ba575cf230d8e9b1a4312c2beff7c63cfc1740e9b311f830cf70a39162be11c0b0fa1882d8466
SSDEEP

1536:xPueLURoTw31kV5WTrhYDFg5vTAlay1OBldYDrCkoszkT:xmKURoTw3w5WhYq5birCkoszk

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
17667b4685ef3d834773432ad87606f8_JaffaCakes118

Files

17667b4685ef3d834773432ad87606f8_JaffaCakes118
.exe windows:4 windows x86 arch:x86

eac920f07e9b782d37dba2dd3328d314

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

FindResourceA
LoadResource
SetLastError
lstrcpyA
HeapFree
GetModuleFileNameA
lstrlenA
lstrcatA
MultiByteToWideChar
WideCharToMultiByte
GetSystemDirectoryA
GetTickCount
Sleep
FreeResource
CreateFileA
WriteFile
CloseHandle
SizeofResource
GetLastError
GetProcessHeap
HeapAlloc
GetModuleHandleA
GetProcAddress

user32

wsprintfA

advapi32

GetAclInformation
GetUserNameA
QueryServiceStatus
ControlService
DeleteService
OpenSCManagerA
OpenServiceA
StartServiceA
CloseServiceHandle
RegOpenKeyExA
RegDeleteValueA
RegDeleteKeyA
RegCreateKeyExA
RegSetValueExA
RegCloseKey
LookupAccountNameA
GetFileSecurityA
InitializeSecurityDescriptor
GetSecurityDescriptorDacl
GetLengthSid
InitializeAcl
GetAce
EqualSid
AddAce
RegQueryValueExA
SetFileSecurityA
GetSecurityDescriptorControl
SetSecurityDescriptorDacl
AddAccessAllowedAce
CreateServiceA

shlwapi

SHDeleteKeyA

netapi32

NetUserGetLocalGroups
NetApiBufferFree

msvcrt

strlen
strchr
srand
rand
memcpy
memset
_except_handler3
_stricmp

Sections

.text
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 920B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 64KB - Virtual size: 64KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

eac920f07e9b782d37dba2dd3328d314

Headers

File Characteristics

Imports

kernel32

user32

advapi32

shlwapi

netapi32

msvcrt

Sections

.text Size: 4KB - Virtual size: 3KB

.rdata Size: 2KB - Virtual size: 1KB

.data Size: 512B - Virtual size: 920B

.rsrc Size: 64KB - Virtual size: 64KB

.text
Size: 4KB - Virtual size: 3KB

.rdata
Size: 2KB - Virtual size: 1KB

.data
Size: 512B - Virtual size: 920B

.rsrc
Size: 64KB - Virtual size: 64KB