27c83844ac72beffbf4a848681444c54_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

27c83844ac72beffbf4a848681444c54_JaffaCakes118
Size

315KB
MD5

27c83844ac72beffbf4a848681444c54
SHA1

bd22decb9de89108d311277d36e751d9de16db1e
SHA256

e68baed61e2b9d4ec1966d98a1d4097b1029f154ab2a7547017f63f3f108d425
SHA512

61d73334d75e091436ab1f9f9d1fba3b668e585678c3bca29ce5d17cfa3d91309689430ab8d813f6a735626115f0efef277346672400a3b22c7bb2e913a226b6
SSDEEP

6144:caunq14l2wUpj1NoTc3aeZ4U3Mmkj0Vc/zRtPhLB8or4rZFWsPQ+:LAPUpBzKo4URkgVi7r8ldF7Q

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
27c83844ac72beffbf4a848681444c54_JaffaCakes118

Files

27c83844ac72beffbf4a848681444c54_JaffaCakes118
.exe windows:5 windows x86 arch:x86

fd745a9f1081de7d2371090ea4a083de

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

ole32

CoCreateInstance
CoUninitialize
CoInitializeEx

advapi32

RegEnumKeyA
RegOpenKeyExA
StartServiceA
ChangeServiceConfigA
RegOpenKeyA
CloseServiceHandle
RegOpenKeyW
QueryServiceStatus
RegSetValueExA
OpenServiceA
RegQueryValueExA
RegCloseKey
RegQueryValueExW
OpenSCManagerA

kernel32

VirtualAlloc
WideCharToMultiByte
HeapFree
GetShortPathNameW
GetModuleHandleA
GetLocaleInfoA
CreateFileA
GetTempFileNameW
GetVersionExA
CloseHandle
WriteFile
HeapReAlloc
GetTickCount
GetTempPathW
MultiByteToWideChar
GetLastError
LCMapStringA
LoadLibraryA
VirtualProtect
VirtualQuery
LCMapStringW
Sleep
GetProcessHeap
lstrlenA
lstrcmpA
DeleteFileW
GlobalAlloc
lstrcmpiW
lstrcpyA
GetStringTypeW
FreeLibrary
GetSystemInfo
ExitProcess
lstrlenW
GetProcAddress
lstrcmpiA
CreateDirectoryW
VirtualFree
GlobalFree
HeapAlloc
GetStringTypeA
LoadLibraryW

ntdll

LdrGetDllHandle
RtlUshortByteSwap
NtAllocateVirtualMemory

user32

wsprintfA

tapi32

lineOpen
lineInitializeExW
lineShutdown
lineNegotiateAPIVersion
lineGetID
lineClose
lineGetDevCapsW

setupapi

SetupOpenMasterInf
SetupDiCallClassInstaller
SetupDiDestroyDeviceInfoList
SetupPromptForDiskA
SetupGetSourceFileLocationA
SetupDiEnumDeviceInfo
SetupDiGetClassDevsW
SetupDiOpenDevRegKey
SetupDiGetDeviceInstanceIdW
SetupCloseInfFile
SetupGetSourceInfoA
SetupDiCreateDeviceInfoList
SetupDiSetClassInstallParamsA

Sections

.text
Size: 15KB - Virtual size: 15KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 285KB - Virtual size: 284KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rdata
Size: 9KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 3KB - Virtual size: 1.4MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

fd745a9f1081de7d2371090ea4a083de

Headers

DLL Characteristics

File Characteristics

Imports

ole32

advapi32

kernel32

ntdll

user32

tapi32

setupapi

Sections

.text Size: 15KB - Virtual size: 15KB

.rsrc Size: 285KB - Virtual size: 284KB

.rdata Size: 9KB - Virtual size: 9KB

.data Size: 3KB - Virtual size: 1.4MB

.tls Size: 512B - Virtual size: 4KB

.text
Size: 15KB - Virtual size: 15KB

.rsrc
Size: 285KB - Virtual size: 284KB

.rdata
Size: 9KB - Virtual size: 9KB

.data
Size: 3KB - Virtual size: 1.4MB

.tls
Size: 512B - Virtual size: 4KB