42a5772a0f194c3636c5e2034b78a4c6_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

42a5772a0f194c3636c5e2034b78a4c6_JaffaCakes118
Size

27KB
MD5

42a5772a0f194c3636c5e2034b78a4c6
SHA1

ace303f52bacc51fe01899fa6800d7d517b5f290
SHA256

9b503ea36231cdad4262c2cf5dc5862fc80d03cdb0fcf94af2e8ed0758b573c5
SHA512

70054c143923a9f76dbdf388023e7f72915184d9b87da127b10c90b368e2d329df0f612c316933e726fe6a2e19b202a771d5aab7bb618c31d48f7c040269de9e
SSDEEP

384:rY1Rho6H0Pze61RMN8OkSXJWlvOtHT7i09qIab82VBgBEtdFZLWE+WvT4Vy9RKpt:SOfIk0wO1RlS0+jzb4VZ

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
42a5772a0f194c3636c5e2034b78a4c6_JaffaCakes118

Files

42a5772a0f194c3636c5e2034b78a4c6_JaffaCakes118
.exe windows:6 windows x86 arch:x86

a0e5e6da6d379b262a0c306f494a9176

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

TrustedInstaller.pdb

Imports

advapi32

TraceMessage
GetTraceEnableFlags
GetTraceEnableLevel
GetTraceLoggerHandle
RegisterTraceGuidsW
UnregisterTraceGuids
SetServiceStatus
RegCloseKey
RegOpenKeyExW
RegisterServiceCtrlHandlerExW
StartServiceCtrlDispatcherW
CloseServiceHandle
InitiateShutdownW
LookupPrivilegeValueW
AdjustTokenPrivileges
RegEnumValueW
RegQueryValueExW
OpenProcessToken
ChangeServiceConfigW
QueryServiceConfigW
OpenSCManagerW
OpenServiceW

kernel32

ExpandEnvironmentStringsW
GetFullPathNameW
GetVersionExW
UnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
GetSystemTimeAsFileTime
GetCurrentProcessId
GetCurrentThreadId
GetTickCount
QueryPerformanceCounter
GetModuleHandleA
SetUnhandledExceptionFilter
InterlockedCompareExchange
Sleep
InterlockedExchange
SetEvent
CloseHandle
WaitForSingleObject
lstrlenW
GetLastError
CreateEventW
OpenEventW
WaitForSingleObjectEx
GetModuleFileNameW
LoadLibraryW
GetProcAddress
FreeLibrary
InterlockedDecrement
InterlockedIncrement
LeaveCriticalSection
EnterCriticalSection
InitializeCriticalSection
lstrcmpW
ExitProcess
HeapSetInformation

msvcrt

__set_app_type
wcstoul
??2@YAPAXI@Z
memset
??3@YAXPAX@Z
__wgetmainargs
_cexit
_exit
_controlfp
_except_handler4_common
?terminate@@YAXXZ
memcpy
__p__fmode
__p__commode
_adjust_fdiv
__setusermatherr
_amsg_exit
_initterm
exit
_XcptFilter

ole32

CoSuspendClassObjects
CoResumeClassObjects
CoRegisterClassObject
CoDisconnectContext
CoRevokeClassObject
CoCreateInstance
CoUninitialize
CoInitializeSecurity
CoInitializeEx
CoGetMalloc

Sections

.text
Size: 21KB - Virtual size: 20KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 1024B - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 22KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

a0e5e6da6d379b262a0c306f494a9176

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

advapi32

kernel32

msvcrt

ole32

Sections

.text Size: 21KB - Virtual size: 20KB

.data Size: 1024B - Virtual size: 1KB

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 2KB - Virtual size: 22KB

.text
Size: 21KB - Virtual size: 20KB

.data
Size: 1024B - Virtual size: 1KB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 2KB - Virtual size: 22KB