Static task: static1
Behavioral task: behavioral1
Sample: 43e5a22c6b5d9365d81ee865c002fb80_JaffaCakes118.exe
Resource: win7-20240903-en
General
Target: 43e5a22c6b5d9365d81ee865c002fb80_JaffaCakes118
Size: 147KB
MD5: 43e5a22c6b5d9365d81ee865c002fb80
SHA1: 4995672bd9c26a0a63949ee5f84afb5c2519c207
SHA256: ce0101713487856aa105827541546493647dbced68bb0580cbbeedc6ab9b60cf
SHA512: ad03232affbdb207e83557949bae079a4f651c29744a8d742adafa3692190b071c99eac1193a4911f2676b16b72a33b6c1038bac4b8d4ad034e56c88b428c65c
SSDEEP: 3072:PIkvHCa/U/Dm+Fnu0iEtIXm9o+zSDEtbehOr:PbvHC/Dm+RSmymqvDwz
Malware Config
Signatures
Unsigned PE (1 IoCs): Checks for missing Authenticode signature.
resource: 43e5a22c6b5d9365d81ee865c002fb80_JaffaCakes118
Files
43e5a22c6b5d9365d81ee865c002fb80_JaffaCakes118.exe windows:5 windows x86 arch:x86
d1f72cf3736ddc31cf8fa0482ef6327a
Headers
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
Imports
kernel32
Sleep
GetSystemTimeAsFileTime
GetCurrentProcess
VirtualFree
RemoveDirectoryW
UnmapViewOfFile
GetFileSize
DuplicateHandle
GetCurrentProcessId
GetTickCount
FreeEnvironmentStringsW
FindFirstFileA
FindClose
GetFullPathNameW
lstrcatW
lstrlenA
ExitProcess
OpenProcess
DeviceIoControl
WaitForSingleObject
GetCurrentThreadId
SizeofResource
GetACP
GlobalFree
HeapReAlloc
LCMapStringA
GetThreadLocale
SetFileAttributesW
CreateEventA
VirtualAlloc
SetStdHandle
SetErrorMode
SetThreadPriority
WaitForMultipleObjects
msvcrt
_wcsupr
wcsstr
??1type_info@@UAE@XZ
fwrite
wcsncat
time
wcschr
_ftol
wcscat
_CxxThrowException
_CIacos
fseek
iswspace
isalpha
mbstowcs
_commit
_itow
__p__osver
_strnicmp
wcsncmp
ctime
_strdup
__dllonexit
__set_app_type
printf
sprintf
__p__fmode
wcstombs
_errno
rand
__p__commode
towupper
?terminate@@YAXXZ
isspace
exit
wcstol
__setusermatherr
_wtol
_strlwr
fprintf
??2@YAPAXI@Z
fflush
??3@YAXPAX@Z
swprintf
advapi32
CryptCreateHash
RegSetValueA
RegNotifyChangeKeyValue
EqualSid
RegCreateKeyA
QueryServiceConfigW
IsTextUnicode
ReportEventW
RegEnumValueA
RegOpenKeyW
GetSecurityDescriptorDacl
RegEnumKeyExA
ChangeServiceConfigW
RegEnumKeyExW
GetSidIdentifierAuthority
ConvertSidToStringSidW
SetThreadToken
RegOpenKeyA
CryptHashData
RegDeleteKeyA
QueryServiceStatus
RegOpenKeyExW
CloseServiceHandle
IsValidSid
RegEnumValueW
ImpersonateLoggedOnUser
ole32
CreateOleAdviseHolder
StgCreateDocfileOnILockBytes
CoCreateGuid
CoGetObjectContext
CoUnmarshalInterface
OleSaveToStream
CoReleaseMarshalData
StgOpenStorage
CoCreateInstanceEx
PropVariantCopy
CoFreeUnusedLibraries
CoGetClassObject
CLSIDFromProgID
CoGetInterfaceAndReleaseStream
StgCreateDocfile
CoUninitialize
CoGetMalloc
CoRevertToSelf
CoTaskMemFree
GetHGlobalFromStream
CLSIDFromString
IIDFromString
CoSetProxyBlanket
StgIsStorageFile
CreateStreamOnHGlobal
StringFromGUID2
OleRegGetUserType
StringFromIID
CreateBindCtx
PropVariantClear
WriteClassStm
OleRegGetMiscStatus
OleRun
CreateILockBytesOnHGlobal
ReleaseStgMedium
CoRevokeClassObject
MkParseDisplayName
OleInitialize
CoTaskMemAlloc
ProgIDFromCLSID
Sections
.text Size: 19KB - Virtual size: 19KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 39KB - Virtual size: 39KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.data Size: 55KB - Virtual size: 180KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.idata Size: 30KB - Virtual size: 30KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.reloc Size: 1KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ