JaffaCakes118_7313ad117b6372e8deabb048a0d4d64c

Sharing

Copy URL

Twitter E-mail

General

Target

JaffaCakes118_7313ad117b6372e8deabb048a0d4d64c
Size

268KB
MD5

7313ad117b6372e8deabb048a0d4d64c
SHA1

aa5e5a9db4286b85fdc5491678658d38f7efa28f
SHA256

819b7082fa6dd2898ec304cf634e7e5629338851aa96e7922b6fffa01832ddda
SHA512

e0c471e860dafa7e632b1ceb77b5af33b6c297b84a90bce225fbea80303dd2790bed163efc9b76c613cea70f77ca8f688a7ee2a186f0e8b8c1649072bf3042b5
SSDEEP

6144:6AIx3gWmnrF7uITd6lnQfZZLdZR6Za64oqcu3EAlghlcN:5I2/rF7uITdxfZVd2Fs0nh4

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
JaffaCakes118_7313ad117b6372e8deabb048a0d4d64c

Files

JaffaCakes118_7313ad117b6372e8deabb048a0d4d64c
.exe windows:4 windows x86 arch:x86

a8aa61f084676c1aa8a1f16f9e4240a0

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

crypt32

CryptExportPublicKeyInfo
CryptEncodeObject

kernel32

GetVersionExW
GetCurrentProcess
GetTickCount
GetModuleFileNameA
GetModuleHandleA
GetModuleFileNameW
GetCurrentProcessId
GetCurrentThreadId
QueryPerformanceCounter
SetUnhandledExceptionFilter
GetStartupInfoW
LoadLibraryW
FreeLibrary
GetFullPathNameA
GetFileAttributesA
lstrcpynW
lstrlenW
GetFileAttributesW
lstrcpynA
lstrlenA
GetLastError
MultiByteToWideChar
Sleep
lstrcmpA
GetProcAddress
LoadLibraryA

user32

CreateWindowExW
RegisterClassExW
DefWindowProcW
MessageBoxW

advapi32

CryptGenKey
CryptExportKey
CryptDestroyKey
RegQueryValueExW
DeleteService
OpenServiceW
CloseServiceHandle
StartServiceW
RegCloseKey
RegCreateKeyExW
RegSetValueExW
RegOpenKeyExW
CreateServiceW
OpenSCManagerW
StartServiceCtrlDispatcherW
SetServiceStatus
RegisterServiceCtrlHandlerW
CryptReleaseContext
CryptAcquireContextW

shell32

SHGetDesktopFolder

query

CIState
SetupCacheEx
CICreateCommand
CiSvcMain
DoneCIPerformanceData
LocateCatalogsA
CITextToSelectTreeEx

msls31

LsSetDoc
LsPointXYFromPointUV
LssbGetNumberDnodesInSubline
LsdnFinishByPen
LssbGetObjDimSubline
LsQueryPointPcpSubline
LsCreateSubline
LsdnResolvePrevTab
LsQueryLineCpPpoint
LssbFIsSublineEmpty

Sections

.text
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.text
Size: 16KB - Virtual size: 16KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.jXm
Size: 1KB - Virtual size: 259KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 2KB - Virtual size: 21KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.edata
Size: 106KB - Virtual size: 143KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.pUi
Size: 512B - Virtual size: 164KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 7KB - Virtual size: 155KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.edata
Size: 116KB - Virtual size: 143KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 14KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

a8aa61f084676c1aa8a1f16f9e4240a0

Headers

File Characteristics

Imports

crypt32

kernel32

user32

advapi32

shell32

query

msls31

Sections

.text Size: 3KB - Virtual size: 3KB

.text Size: 16KB - Virtual size: 16KB

.jXm Size: 1KB - Virtual size: 259KB

.rdata Size: 2KB - Virtual size: 21KB

.edata Size: 106KB - Virtual size: 143KB

.pUi Size: 512B - Virtual size: 164KB

.data Size: 7KB - Virtual size: 155KB

.edata Size: 116KB - Virtual size: 143KB

.rsrc Size: 14KB - Virtual size: 13KB

.text
Size: 3KB - Virtual size: 3KB

.text
Size: 16KB - Virtual size: 16KB

.jXm
Size: 1KB - Virtual size: 259KB

.rdata
Size: 2KB - Virtual size: 21KB

.edata
Size: 106KB - Virtual size: 143KB

.pUi
Size: 512B - Virtual size: 164KB

.data
Size: 7KB - Virtual size: 155KB

.edata
Size: 116KB - Virtual size: 143KB

.rsrc
Size: 14KB - Virtual size: 13KB