2cc41c7c4b43dea78edc699027890dfe_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

2cc41c7c4b43dea78edc699027890dfe_JaffaCakes118
Size

324KB
MD5

2cc41c7c4b43dea78edc699027890dfe
SHA1

fbc220ed9691ffbec660634f91d626bca989fd19
SHA256

045c0b8f22c022668cb32691447b53b26ae39c80f29478d306ce4b3ca618c80f
SHA512

c2ffe537ce69db9f7114ca40ed1493d2e67cb1907e14392a0f13c90e65d4b6546fa921dbc985d3b5790becb65710acc880b6623e44d00d8bfa60df86f9194cf5
SSDEEP

6144:LwbvxTAEz4ykhcYO7TrBfjiYSQbuYEbE1NDf8yMx9s0ou2IWvmkv:Cx2cJX9riYSQqbEbBes0DbLq

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2cc41c7c4b43dea78edc699027890dfe_JaffaCakes118

Files

2cc41c7c4b43dea78edc699027890dfe_JaffaCakes118
.exe windows:5 windows x86 arch:x86

10fecdee4ed1d96bb6ed9a5257efbb04

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

msvcrt

wcslen
malloc
_adjust_fdiv
_except_handler3
_initterm
memmove
wcsncmp
free
wcscpy
_wcsnicmp
wcscat
wcsncpy

ntdll

RtlGetNtProductType
RtlEnterCriticalSection
RtlValidSid
DbgPrint
NtAllocateVirtualMemory
RtlFreeUnicodeString
RtlMakeSelfRelativeSD
NtOpenKey
RtlLeaveCriticalSection
RtlSubAuthoritySid
NtQueryValueKey
NtClose
RtlDeleteCriticalSection
RtlSubAuthorityCountSid
RtlInitializeCriticalSection
RtlCopySid
NtQueryInformationToken
RtlInitUnicodeString
NtLoadKey
RtlCopyLuid
RtlEqualSid
RtlConvertSidToUnicodeString
RtlLengthSid
RtlInitString
RtlLengthSecurityDescriptor

kernel32

VirtualAlloc
QueryPerformanceCounter
GetCurrentThreadId
LoadLibraryA
InterlockedDecrement
DelayLoadFailureHook
ResetEvent
GetConsoleOutputCP
GetCurrentProcess
VirtualFree
GetProcAddress
GetComputerNameExW
GetComputerNameW
GetLastError
GetConsoleCP
SetLastError
CloseHandle
SetThreadPriority
TerminateProcess
CreateThread
GetTickCount
WaitForSingleObject
GetSystemTimeAsFileTime
SetUnhandledExceptionFilter
GetCurrentThread
UnhandledExceptionFilter
InterlockedCompareExchange
LocalAlloc
InterlockedIncrement
CreateEventW
GetSystemInfo
SetEvent
Beep

advapi32

OpenProcessToken
IsWellKnownSid
RegEnumKeyW
GetTokenInformation
RegQueryValueExA
RegCreateKeyExW
RegQueryInfoKeyW
RegOpenKeyExA
CreateWellKnownSid
ConvertSidToStringSidW
RegQueryValueExW
RegOpenKeyExW
OpenThreadToken
RegSetValueExW
RegEnumKeyExW
RegDeleteKeyW
RegEnumValueW
RegCloseKey
GetLengthSid
RegDeleteValueW
EqualDomainSid

rpcrt4

RpcSsDestroyClientContext
RpcBindingFromStringBindingW
I_RpcExceptionFilter
RpcStringFreeW
RpcStringBindingComposeW
NdrClientCall2
RpcBindingFree
I_RpcMapWin32Status

Sections

.text
Size: 7KB - Virtual size: 6KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 171KB - Virtual size: 170KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rdata
Size: 141KB - Virtual size: 141KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 3KB - Virtual size: 776KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

10fecdee4ed1d96bb6ed9a5257efbb04

Headers

DLL Characteristics

File Characteristics

Imports

msvcrt

ntdll

kernel32

advapi32

rpcrt4

Sections

.text Size: 7KB - Virtual size: 6KB

.rsrc Size: 171KB - Virtual size: 170KB

.rdata Size: 141KB - Virtual size: 141KB

.data Size: 3KB - Virtual size: 776KB

.text
Size: 7KB - Virtual size: 6KB

.rsrc
Size: 171KB - Virtual size: 170KB

.rdata
Size: 141KB - Virtual size: 141KB

.data
Size: 3KB - Virtual size: 776KB