25533eadefc0e8fbb71877b715b152bd_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

25533eadefc0e8fbb71877b715b152bd_JaffaCakes118
Size

64KB
MD5

25533eadefc0e8fbb71877b715b152bd
SHA1

8edfaadc0bb1995c41b0249e7ccc9ca1ce283106
SHA256

b82a577bf37200d10eca81832f40fbb9bce57d6f0888e7bcf8d67646cb861613
SHA512

8e42086fee4e490d26ed3723c09d840e926c38e676dd3e68b313baac8b37850307aef2ed43db680a1057c950f0c737037e06a00a0bfb1e0fd5fc667875156556
SSDEEP

1536:jSGQhceq+b0+atjcUSTqon2Eibnaz6KklGjWHBloG+:tQGeq+Utz5EJiS6KQGjWhlK

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
25533eadefc0e8fbb71877b715b152bd_JaffaCakes118

Files

25533eadefc0e8fbb71877b715b152bd_JaffaCakes118
.exe windows:4 windows x86 arch:x86

d40afbba53d3d96a08cbea63db87a23e

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

advapi32

RegEnumKeyW
RegEnumValueA
GetSidLengthRequired
QueryServiceStatus
AddAccessAllowedAce
SetEntriesInAclW
LookupPrivilegeValueW
FreeSid
LsaQueryInformationPolicy
CryptAcquireContextW
RegQueryValueA
IsValidSecurityDescriptor
SetSecurityDescriptorGroup
RegDeleteKeyA

user32

InsertMenuA
GetWindowTextLengthW
CreateWindowExA
SendMessageW
GetMenu
LoadBitmapW
GetSysColor
GetProcessWindowStation
SendMessageA
GetWindowLongA
TranslateMessage
SendDlgItemMessageW
DrawTextW

kernel32

GetOEMCP
GetWindowsDirectoryA
SetUnhandledExceptionFilter
GetProcessHeap
ResumeThread
ReadFile
MapViewOfFile
FindResourceA
WaitForMultipleObjects
CreateThread
GetCurrentProcess
GetThreadPriority
WideCharToMultiByte
InterlockedIncrement
SetLastError
ExitProcess
OpenEventA
GetFileAttributesW
GetCurrentThreadId
LCMapStringA
HeapSize
GetUserDefaultLCID
GetLastError
GetSystemTimeAsFileTime
GetFileType
QueryPerformanceCounter
VirtualAlloc
lstrcatW
FindResourceW
IsBadWritePtr
FormatMessageW
OpenMutexA
SetFilePointer
DisableThreadLibraryCalls
InitializeCriticalSectionAndSpinCount
GetCPInfo
VirtualProtect
SetErrorMode
GetFileSize
GetCommandLineW
CreateMutexW
TerminateProcess
GetStdHandle
OutputDebugStringA
GetTempPathA
CreateDirectoryA
GetVersion
FreeLibrary
ExpandEnvironmentStringsW
GetCommandLineA
DeleteFileA
OpenMutexW
FindFirstFileA
HeapAlloc
GetModuleHandleW
OpenEventW
GetTickCount
GetCurrentProcessId
GetModuleHandleA

Sections

.text
Size: 53KB - Virtual size: 53KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.textbss
Size: 512B - Virtual size: 310B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

BSS
Size: 512B - Virtual size: 75KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

DATA
Size: 512B - Virtual size: 111B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 6KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

d40afbba53d3d96a08cbea63db87a23e

Headers

DLL Characteristics

File Characteristics

Imports

advapi32

user32

kernel32

Sections

.text Size: 53KB - Virtual size: 53KB

.textbss Size: 512B - Virtual size: 310B

BSS Size: 512B - Virtual size: 75KB

DATA Size: 512B - Virtual size: 111B

.rsrc Size: 6KB - Virtual size: 5KB

.text
Size: 53KB - Virtual size: 53KB

.textbss
Size: 512B - Virtual size: 310B

BSS
Size: 512B - Virtual size: 75KB

DATA
Size: 512B - Virtual size: 111B

.rsrc
Size: 6KB - Virtual size: 5KB