JaffaCakes118_2d5d06944fee42a022a80ec116e95f0b

Sharing

Copy URL

Twitter E-mail

General

Target

JaffaCakes118_2d5d06944fee42a022a80ec116e95f0b
Size

175KB
MD5

2d5d06944fee42a022a80ec116e95f0b
SHA1

f17e20da49e42a82a0a336ca57105d7753ec094e
SHA256

3fbc54a4a60d608803e05438a6f4142bb937013479982cdee8e8a769b87feed2
SHA512

eb444850c0c695d97dd783f25646608a8953a5223769c3cb662fe4b7a8b37be43820996c1916bc1124d5c9620ee6fea0e62f966786a2f36293e058d9586206b8
SSDEEP

3072:PJ3iQmKim4BBfIAD1XtfU6o9MnFJaYdhD7E8+TZ7KfQDJ/hH3dtSk2C4xUkKm:PJ3XmFBfIADX86o9MnFo8hv/+xK4D1hn

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
JaffaCakes118_2d5d06944fee42a022a80ec116e95f0b

Files

JaffaCakes118_2d5d06944fee42a022a80ec116e95f0b
.exe windows:4 windows x86 arch:x86

dd2ccaec809528977c2f453628323696

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

IsDebuggerPresent
SetFilePointer
ReadFile
GetDateFormatA
QueryPerformanceCounter
GetSystemTimeAsFileTime
GetTimeFormatA
SetEnvironmentVariableA
HeapFree
HeapReAlloc
EnterCriticalSection
SetEndOfFile
GetCurrentProcess
GetTickCount
IsValidCodePage
TerminateProcess
FreeLibrary
GetACP
RtlUnwind
CompareStringA
WriteFile
CompareStringW
RaiseException
GetCurrentProcessId
LeaveCriticalSection
EnumResourceTypesA
WriteConsoleA
LCMapStringA
HeapDestroy
GetCPInfo
CreateMailslotW
GetOEMCP
GetConsoleOutputCP
SetStdHandle
LCMapStringW
MultiByteToWideChar
VirtualFree
LoadLibraryA
VirtualAlloc
HeapSize
GetLocaleInfoA
GetTimeZoneInformation
InitializeCriticalSection
UnhandledExceptionFilter
HeapCreate
SetUnhandledExceptionFilter
GetStringTypeW
GetStringTypeA

advapi32

RegCreateKeyExW
IsValidSecurityDescriptor
StartServiceA
QueryServiceConfigW
RegDeleteValueW
RegDeleteKeyW
ControlService
LookupPrivilegeDisplayNameA
LookupPrivilegeValueA
QueryServiceLockStatusW
SetSecurityInfo
DeleteService
RegSetValueExW
OpenSCManagerW
OpenServiceW
GetSecurityInfo
RegRestoreKeyW
RegQueryValueExW
CloseServiceHandle
OpenProcessToken
EqualSid
LookupAccountSidW
SetEntriesInAclA
FreeInheritedFromArray
GetInheritanceSourceW
EnumDependentServicesW
GetSecurityDescriptorControl
CreateServiceW
UnlockServiceDatabase
IsValidAcl
LookupPrivilegeNameA
RegCloseKey
InitializeSecurityDescriptor
GetNamedSecurityInfoW
FreeSid
RegEnumKeyExW
GetAce
RegOpenKeyExW
ChangeServiceConfig2W
AddAce
InitializeAcl
SetNamedSecurityInfoW
QueryServiceStatus
AllocateAndInitializeSid
GetTokenInformation
SetEntriesInAclW
GetAclInformation
SetSecurityDescriptorDacl
AdjustTokenPrivileges
RegGetKeySecurity
ChangeServiceConfigW
RegSaveKeyW
LockServiceDatabase
RegEnumValueW

iphlpapi

GetIpAddrTable

oleacc

LresultFromObject
AccessibleObjectFromPoint

Sections

.text
Size: 42KB - Virtual size: 42KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 3KB - Virtual size: 154KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 128KB - Virtual size: 128KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

dd2ccaec809528977c2f453628323696

Headers

File Characteristics

Imports

kernel32

advapi32

iphlpapi

oleacc

Sections

.text Size: 42KB - Virtual size: 42KB

.rdata Size: 3KB - Virtual size: 154KB

.data Size: 128KB - Virtual size: 128KB

.rsrc Size: 512B - Virtual size: 4KB

.text
Size: 42KB - Virtual size: 42KB

.rdata
Size: 3KB - Virtual size: 154KB

.data
Size: 128KB - Virtual size: 128KB

.rsrc
Size: 512B - Virtual size: 4KB