Static task
static1
Behavioral task
behavioral1
Sample
17c4cb71723970655f5f49a551bcffa8_JaffaCakes118.exe
Resource
win7-20240903-en
Behavioral task
behavioral2
Sample
17c4cb71723970655f5f49a551bcffa8_JaffaCakes118.exe
Resource
win10v2004-20240802-en
General
Target: 17c4cb71723970655f5f49a551bcffa8_JaffaCakes118
Size: 222KB
MD5: 17c4cb71723970655f5f49a551bcffa8
SHA1: 4688a1ef1665e0f2ea74b205a410aaecbc50e94a
SHA256: 11dd2c1718ce7c3291dc4c40b1559daab44ce7086e4bcbe9b7be0f5038cba00f
SHA512: bb060b7af42827b9464cc8d6460324a89a68a27c9145d41c184941db5464917d259cde70909b6bcc1cf31f43797cbe84606172215b7b8e2d191ed1e31f2b8e49
SSDEEP: 3072:iWEbvU6QWvp8ewGhJXDT4nL3yIRFZOvmnNR9t3xCGFwmrEvhuaYvG0b:iWEbvU6LCw/ATxwQ+huaYvB
Malware Config
Signatures
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource 17c4cb71723970655f5f49a551bcffa8_JaffaCakes118
Files
17c4cb71723970655f5f49a551bcffa8_JaffaCakes118.exe windows:4 windows x86 arch:x86
53833e8256473274029e118375b7c0c3
Headers
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
Imports
kernel32
ExitProcess
QueryPerformanceCounter
GetTickCount
GetCurrentThreadId
GetCurrentProcessId
GetSystemTimeAsFileTime
GetModuleFileNameA
GetProcAddress
GetModuleHandleA
TerminateProcess
GetCurrentProcess
LoadLibraryA
RtlUnwind
InterlockedExchange
VirtualQuery
HeapReAlloc
HeapAlloc
HeapFree
VirtualAlloc
GetComputerNameW
IsValidLocale
FindFirstChangeNotificationA
SetCurrentDirectoryW
GetSystemDefaultLangID
DeviceIoControl
EnumDateFormatsExA
OpenMutexA
CommConfigDialogA
GetExitCodeProcess
TlsFree
GetFileInformationByHandle
CreateMutexW
HeapValidate
FileTimeToSystemTime
advapi32
RegEnumKeyW
LookupPrivilegeNameW
GetUserNameW
CryptSetProviderExW
RegSaveKeyW
CryptContextAddRef
LogonUserW
RegOpenKeyExW
CryptSignHashA
RegSetValueW
RegSetValueA
RegRestoreKeyW
CryptEnumProviderTypesA
RegNotifyChangeKeyValue
InitiateSystemShutdownW
CryptAcquireContextA
RegSaveKeyA
LookupPrivilegeDisplayNameW
RegQueryInfoKeyW
RegReplaceKeyA
CryptEnumProviderTypesW
CryptEncrypt
DuplicateToken
LookupAccountNameW
CryptGetDefaultProviderW
CreateServiceW
RegEnumValueW
CryptEnumProvidersA
DuplicateTokenEx
RegQueryValueA
CryptDuplicateHash
RegEnumValueA
RegLoadKeyW
RegConnectRegistryA
CryptSetProviderA
RegEnumKeyExA
RegQueryMultipleValuesA
CryptSignHashW
RegReplaceKeyW
CryptAcquireContextW
CryptDuplicateKey
RegSetKeySecurity
RegCreateKeyExA
CryptSetProviderW
RegRestoreKeyA
CryptGetKeyParam
CryptExportKey
CryptGetProvParam
InitializeSecurityDescriptor
RegSetValueExA
RegOpenKeyExA
CryptSetKeyParam
RegLoadKeyA
LookupAccountSidA
RegCloseKey
StartServiceW
RegQueryValueExW
CryptGetHashParam
LookupSecurityDescriptorPartsW
CryptDecrypt
CryptVerifySignatureA
RegQueryValueW
CryptSetProvParam
CryptDestroyKey
CryptGenKey
RegEnumKeyExW
CryptCreateHash
RegFlushKey
InitiateSystemShutdownA
AbortSystemShutdownA
LogonUserA
RegCreateKeyA
RegQueryInfoKeyA
RegEnumKeyA
RegOpenKeyW
CryptGetDefaultProviderA
CryptSetHashParam
Sections
.text Size: 96KB - Virtual size: 96KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.data Size: 111KB - Virtual size: 110KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.reloc Size: 13KB - Virtual size: 13KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ