3a4f51495bc4e495d2432dd582d07469_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

3a4f51495bc4e495d2432dd582d07469_JaffaCakes118
Size

27KB
MD5

3a4f51495bc4e495d2432dd582d07469
SHA1

8294daf9f5548e63d2be29807a81d91f2d43077d
SHA256

e84a072465d78919963cbf4f1cf8bd394163a7511b5ed19bbf4d5e1b91b32510
SHA512

6b29d21f21b31da17d96417e6af918461186e4dfbd947e9844bbcc80eef6485fce5794a216ef83f543f12a03daacdf5b564bb3d1c7be80ca6edccb03ce7e2937
SSDEEP

384:cDnom+JtRoqtslf4RA+ZftzNn+7vs1oysh+ZoqNBBSjyWyMk:j5oVPU/eySyjYjpk

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
3a4f51495bc4e495d2432dd582d07469_JaffaCakes118

Files

3a4f51495bc4e495d2432dd582d07469_JaffaCakes118
.exe windows:4 windows x86 arch:x86

ad817589b2c8feb61da4c70df96280d8

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

InterlockedCompareExchange
CreateEventW
DelayLoadFailureHook
GetComputerNameW
VirtualAlloc
Beep
GetProcAddress
VirtualFree
FreeLibrary
SetThreadPriority
LocalFree
CreateThread
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetEvent
InterlockedDecrement
GetTickCount
WaitForSingleObject
GetLastError
InterlockedIncrement
GetSystemInfo
SetUnhandledExceptionFilter
GetComputerNameExW
CloseHandle
ResetEvent
GetCurrentThread
LoadLibraryA
SetLastError
GetCurrentProcessId
LocalAlloc
GetCurrentThreadId
GetSystemTimeAsFileTime

rpcrt4

RpcStringBindingComposeW
I_RpcExceptionFilter
RpcBindingFree
RpcSsDestroyClientContext
RpcStringFreeW
RpcBindingFromStringBindingW
I_RpcMapWin32Status
NdrClientCall2

ntdll

RtlGetNtProductType
RtlInitString
RtlMakeSelfRelativeSD
RtlInitUnicodeString
NtOpenKey
NtClose
NtAllocateLocallyUniqueId
RtlLeaveCriticalSection
RtlDeleteCriticalSection
RtlInitializeCriticalSection
RtlConvertSidToUnicodeString
RtlNtStatusToDosError
RtlFreeUnicodeString
NtQueryInformationToken
RtlSubAuthoritySid
RtlLengthSecurityDescriptor
NtAllocateVirtualMemory
NtQueryValueKey
RtlCopySid
RtlCopyLuid
DbgPrint
RtlEqualSid
RtlLengthSid
RtlSubAuthorityCountSid
RtlValidSid

msvcrt

_wcsnicmp
free
wcscat
_adjust_fdiv
_initterm
malloc
wcsncmp
memmove
wcsncpy
_except_handler3
wcscpy
wcslen

wininet

InternetCrackUrlW

ws2help

WahCloseThread

advapi32

RegDeleteValueW
RegCreateKeyExW
RegQueryValueExA
RegCloseKey
RegDeleteKeyW
RegSetValueExW
RegQueryInfoKeyW
IsWellKnownSid
RegOpenKeyExW
GetTokenInformation
GetLengthSid
CreateWellKnownSid
OpenProcessToken
RegEnumKeyExW
RegEnumKeyW
RegOpenKeyExA
RegEnumValueW
ConvertSidToStringSidW
EqualDomainSid
OpenThreadToken
QueryServiceStatus

Sections

.text
Size: 6KB - Virtual size: 5KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 28B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.rsrc
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 72KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 11KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

ad817589b2c8feb61da4c70df96280d8

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

rpcrt4

ntdll

msvcrt

wininet

ws2help

advapi32

Sections

.text Size: 6KB - Virtual size: 5KB

.reloc Size: 512B - Virtual size: 28B

.rsrc Size: 5KB - Virtual size: 5KB

.data Size: 3KB - Virtual size: 72KB

.rdata Size: 11KB - Virtual size: 11KB

.text
Size: 6KB - Virtual size: 5KB

.reloc
Size: 512B - Virtual size: 28B

.rsrc
Size: 5KB - Virtual size: 5KB

.data
Size: 3KB - Virtual size: 72KB

.rdata
Size: 11KB - Virtual size: 11KB