Static task
static1
Behavioral task
behavioral1
Sample
JaffaCakes118_63102bad40a538e1c160ee2ce30b446b.exe
Resource
win7-20240903-en
General
Target: JaffaCakes118_63102bad40a538e1c160ee2ce30b446b
Size: 164KB
MD5: 63102bad40a538e1c160ee2ce30b446b
SHA1: 79b77b361b73cd16a7fe5dc3c57d708e3af4d370
SHA256: 961f2cec351ae2807a45354309ec54ceeb74c44e8615ec5f01f4c7e30d85d055
SHA512: 4f68e4c44f66200366e7522b4df6190347d98b73bced99ceb8d37dcd98153986e2faedcf0692b356fab0ee8daed7667a4029e997554af742288d7c6d8bc7bc3a
SSDEEP: 3072:NMSGyet1WiKIRNrGVRM7QOak3Xf0ICZ5Js06VuX4+Bg+hUpZt3PNGy4Ql3+:NIP1Wi5R2RM/an5KItBqXF8/V
Malware Config
Signatures
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource JaffaCakes118_63102bad40a538e1c160ee2ce30b446b
Files
JaffaCakes118_63102bad40a538e1c160ee2ce30b446b.exe windows:4 windows x86 arch:x86
5ad6e4f062ebed839cad1f4a7305cf9e
Headers
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
kernel32
HeapReAlloc
InitializeCriticalSection
GetCurrentProcessId
MultiByteToWideChar
HeapFree
GetOEMCP
GetCPInfo
GetSystemTimeAsFileTime
ReadFile
RtlUnwind
IsDebuggerPresent
WriteConsoleA
GetTimeZoneInformation
GetStringTypeW
HeapCreate
UnhandledExceptionFilter
VirtualFree
HeapDestroy
LeaveCriticalSection
LCMapStringW
SetFilePointer
HeapSize
GetTimeFormatA
GetDateFormatA
IsValidCodePage
SetStdHandle
VirtualAlloc
LoadLibraryA
EnumResourceTypesA
GetTickCount
GetConsoleOutputCP
SetEnvironmentVariableA
GetCurrentProcess
GetACP
SetEndOfFile
GetLocaleInfoA
CompareStringA
CreateMailslotW
SetUnhandledExceptionFilter
TerminateProcess
EnterCriticalSection
CompareStringW
LCMapStringA
WriteFile
FreeLibrary
QueryPerformanceCounter
RaiseException
GetStringTypeA
advapi32
OpenSCManagerW
SetNamedSecurityInfoW
RegSetValueExW
GetNamedSecurityInfoW
StartServiceA
RegRestoreKeyW
EnumDependentServicesW
AddAce
FreeSid
FreeInheritedFromArray
RegCloseKey
IsValidAcl
RegQueryValueExW
CreateServiceW
SetEntriesInAclW
RegDeleteValueW
InitializeAcl
DeleteService
LookupPrivilegeValueA
LookupPrivilegeDisplayNameA
SetEntriesInAclA
QueryServiceLockStatusW
LookupPrivilegeNameA
RegGetKeySecurity
ControlService
LockServiceDatabase
AllocateAndInitializeSid
UnlockServiceDatabase
AdjustTokenPrivileges
CloseServiceHandle
GetSecurityInfo
OpenProcessToken
EqualSid
GetAclInformation
QueryServiceConfigW
ChangeServiceConfigW
GetAce
LookupAccountSidW
RegEnumKeyExW
OpenServiceW
RegSaveKeyW
GetInheritanceSourceW
InitializeSecurityDescriptor
RegOpenKeyExW
GetSecurityDescriptorControl
RegCreateKeyExW
SetSecurityDescriptorDacl
ChangeServiceConfig2W
IsValidSecurityDescriptor
QueryServiceStatus
SetSecurityInfo
RegDeleteKeyW
GetTokenInformation
RegEnumValueW
iphlpapi
GetIpAddrTable
oleacc
LresultFromObject
AccessibleObjectFromPoint
Sections
.text Size: 41KB - Virtual size: 40KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 3KB - Virtual size: 402KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 118KB - Virtual size: 118KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 512B - Virtual size: 4KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ