26bf8defcd965832001f104ef1771617_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

26bf8defcd965832001f104ef1771617_JaffaCakes118
Size

25KB
MD5

26bf8defcd965832001f104ef1771617
SHA1

3335f131a8ae1c2f2c4f4b53199dd144df294704
SHA256

758047a24802e92cfe6ef506533e383c984a690d1144cf6154f0f83585e2a00a
SHA512

8229d07147c8d063c41edb8d009accec4f2bbda158375a37bdfe3b4e1231b0019c713c38ab1505a82cdcf27d030f6387d67e7e9e26cbeb5e3018194415e1e78f
SSDEEP

768:yUxo7//h9dAT6ydAo1conKIXdw1bNFmC3d:yrdYp/FK0dwsMd

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
26bf8defcd965832001f104ef1771617_JaffaCakes118

Files

26bf8defcd965832001f104ef1771617_JaffaCakes118
.exe windows:4 windows x86 arch:x86

17e3760e6e5420a84d00812f8b88d1d5

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

SetHandleCount
InterlockedExchangeAdd
TlsGetValue
LocalFree
CreateThread
SetFilePointerEx
FindCloseChangeNotification
HeapSize
LCMapStringW
GetStdHandle
ReadFile
GetStartupInfoA
GetModuleHandleA
LocalAlloc
FlushFileBuffers
GetStringTypeW
GetEnvironmentStrings
InterlockedCompareExchange
GetModuleFileNameW
FindClose
GetFileAttributesA
SetLastError
GetLocaleInfoA
GetFileType
SetEvent
DeleteFileA
WriteFileEx
InitializeCriticalSection
GetFileAttributesW
VirtualFree
TlsSetValue
CreateFileA
GetExitCodeProcess
lstrlenW
RaiseException
InterlockedDecrement
GetStringTypeA
SetErrorMode
LoadResource
LCMapStringA
SizeofResource
FreeEnvironmentStringsW
GetFileSize
TlsFree
SetStdHandle
InterlockedIncrement
VirtualAlloc
GetModuleHandleW
GetCurrentThread
WaitForMultipleObjectsEx
GetLastError

gdi32

CreateRoundRectRgn
CreateDCA
CreateSolidBrush
CreatePolygonRgn
CreateRectRgn
CreateFontIndirectA

setupapi

SetupUninstallOEMInfA

advapi32

RegQueryInfoKeyA
RegCreateKeyExA
QueryServiceStatus
ControlService
RegGetKeySecurity
RegDeleteValueA
RegEnumValueA
RegCloseKey
RegConnectRegistryA
RegQueryValueExA
EnumServicesStatusA
RegDeleteKeyA
GetUserNameA
InitiateSystemShutdownA
RegEnumKeyExA
RegFlushKey
LookupPrivilegeValueA
OpenProcessToken
RegNotifyChangeKeyValue
OpenSCManagerA
OpenServiceA
RegSetValueExA
RegRestoreKeyA
RegOpenKeyExA
OpenEncryptedFileRawW
OpenEventLogW
OpenSCManagerW
OpenServiceW
OpenThreadToken
RegCreateKeyW
RegEnumKeyExW
ReadEventLogW
RegConnectRegistryW
RegCreateKeyA
RegCreateKeyExW
RegDeleteKeyW
RegSetKeySecurity

msvcrt

_exit
_XcptFilter
exit
_acmdln
__getmainargs
_initterm
__setusermatherr
_adjust_fdiv
__p__commode
__p__fmode
__set_app_type
_except_handler3
_controlfp
__dllonexit
_onexit

Sections

.text
Size: 8KB - Virtual size: 5KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 32KB - Virtual size: 112KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

17e3760e6e5420a84d00812f8b88d1d5

Headers

File Characteristics

Imports

kernel32

gdi32

setupapi

advapi32

msvcrt

Sections

.text Size: 8KB - Virtual size: 5KB

.rdata Size: 4KB - Virtual size: 3KB

.data Size: 32KB - Virtual size: 112KB

.rsrc Size: 8KB - Virtual size: 7KB

.text
Size: 8KB - Virtual size: 5KB

.rdata
Size: 4KB - Virtual size: 3KB

.data
Size: 32KB - Virtual size: 112KB

.rsrc
Size: 8KB - Virtual size: 7KB