JaffaCakes118_00ca698923a589403e79f01574d1b6c2

General

Target

JaffaCakes118_00ca698923a589403e79f01574d1b6c2
Size

317KB
MD5

00ca698923a589403e79f01574d1b6c2
SHA1

9d18180774b3915ef12009dc5dc7e119f9e69eec
SHA256

7c733216f68903ad6d948b12b81119ede28443a9c3bd9c00499c2766f0931421
SHA512

4b8cc2ff4cc64dcd92da99841f2b1e61217a0d99106d1a326587ec4c85ddfa66218491f4c3aa88f791355c5a8e17c5ce1c62332e67a83a0c63672be31006731c
SSDEEP

6144:HXT3U/IXed0ZkYY80hhHygNWxGHMz/pxF20wbV:DXXed4kYeOxGHMzpxw0wB

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
JaffaCakes118_00ca698923a589403e79f01574d1b6c2

Files

JaffaCakes118_00ca698923a589403e79f01574d1b6c2
.exe windows:4 windows x86 arch:x86

d8d3711ebe5da36cc38937da07fdae8a

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

rpcrt4

UuidCreate

advapi32

CryptCreateHash
RegCloseKey
CryptGetHashParam
CryptDestroyHash
RegOpenKeyExW
CryptReleaseContext
CryptHashData
RegQueryValueExW
CryptAcquireContextW

kernel32

ExpandEnvironmentStringsW
LCMapStringW
UnmapViewOfFile
HeapDestroy
GetCurrentDirectoryW
DeviceIoControl
RaiseException
InitializeCriticalSectionAndSpinCount
MapViewOfFileEx
GetModuleHandleW
HeapFree
SetFileAttributesW
SystemTimeToFileTime
WideCharToMultiByte
GetFileInformationByHandle
EnterCriticalSection
GetConsoleMode
GetFileType
FlushViewOfFile
CloseHandle
LeaveCriticalSection
DeleteCriticalSection
SetUnhandledExceptionFilter
SetFilePointer
LocalAlloc
GetCurrentThreadId
CopyFileW
UnhandledExceptionFilter
VirtualAlloc
SetLastError
GetSystemInfo
ReadFile
CreateFileMappingW
IsDebuggerPresent
VirtualFree
GetSystemTime
GetFileAttributesExW
GetSystemTimeAsFileTime
CreateFileW
HeapAlloc
FreeLibrary
DeleteFileW
CreateMutexA

scecli

SceOpenPolicy
SceBrowseDatabaseTable
SceDcPromoCreateGPOsInSysvol
SceGetDbTime
SceSvcFree
SceGetObjectChildren
SceAppendSecurityProfileInfo

serwvdrv

DriverProc
wodMessage

Sections

.text
Size: 22KB - Virtual size: 22KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 265KB - Virtual size: 267KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 27KB - Virtual size: 26KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

d8d3711ebe5da36cc38937da07fdae8a

Headers

File Characteristics

Imports

rpcrt4

advapi32

kernel32

scecli

serwvdrv

Sections

.text Size: 22KB - Virtual size: 22KB

.rdata Size: 2KB - Virtual size: 1KB

.data Size: 265KB - Virtual size: 267KB

.rsrc Size: 27KB - Virtual size: 26KB

.text
Size: 22KB - Virtual size: 22KB

.rdata
Size: 2KB - Virtual size: 1KB

.data
Size: 265KB - Virtual size: 267KB

.rsrc
Size: 27KB - Virtual size: 26KB