e79ed8ff9168e204b174bea19ada1ac0_JaffaCakes118

General

Target

e79ed8ff9168e204b174bea19ada1ac0_JaffaCakes118
Size

36KB
MD5

e79ed8ff9168e204b174bea19ada1ac0
SHA1

58fd08bbec99c08ea642c96611ff54d2937a0d2d
SHA256

901b8ce4ea9991a682166611f32192d2069c91be8fce098c5e8e329c9cd55184
SHA512

26bb86a1470a65ccf028c1cb5fda8bc2fd71a76cbc3715f76bee87434890f8e44d1d6842178a032c8b987c390ded1e940c41311238c3e18e9746344e4e163211
SSDEEP

768:Rvvh9ou5X7rQzsf2nPdDV5/yQyA9SpVzo:lvP682n1Db/KAco

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
e79ed8ff9168e204b174bea19ada1ac0_JaffaCakes118

Files

e79ed8ff9168e204b174bea19ada1ac0_JaffaCakes118
.exe windows:4 windows x86 arch:x86

06e1e270c0d01b8482f3c0dc0f84a003

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

CompareStringW
CreateThread
FlushFileBuffers
GetStringTypeW
Sleep
CreateMutexA
GetLastError
CreateDirectoryA
CreateFileA
WriteFile
CloseHandle
OpenFile
GetModuleFileNameA
GetWindowsDirectoryA
CopyFileA
WritePrivateProfileStringA
CompareStringA
GetCurrentThreadId
GetStringTypeA
LCMapStringW
LCMapStringA
MultiByteToWideChar
SetStdHandle
LoadLibraryA
GetProcAddress
GetTimeZoneInformation
GetSystemTime
GetLocalTime
RtlUnwind
GetModuleHandleA
GetStartupInfoA
GetCommandLineA
GetVersion
ExitProcess
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
FreeEnvironmentStringsA
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStrings
GetEnvironmentStringsW
SetHandleCount
GetStdHandle
GetFileType
HeapDestroy
HeapCreate
VirtualFree
HeapFree
SetFilePointer
GetCPInfo
GetACP
GetOEMCP
HeapAlloc
VirtualAlloc
HeapReAlloc
SetEnvironmentVariableA

user32

TranslateMessage
GetMessageA
DispatchMessageA

advapi32

ReportEventA
DeregisterEventSource
StartServiceA
CreateServiceA
OpenSCManagerA
OpenServiceA
CloseServiceHandle
RegisterServiceCtrlHandlerA
SetServiceStatus
StartServiceCtrlDispatcherA
RegisterEventSourceA

shell32

ShellExecuteA

wininet

HttpQueryInfoA
InternetCloseHandle
InternetReadFile
InternetOpenA
InternetOpenUrlA

Sections

.text
Size: 24KB - Virtual size: 23KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

06e1e270c0d01b8482f3c0dc0f84a003

Headers

File Characteristics

Imports

kernel32

user32

advapi32

shell32

wininet

Sections

.text Size: 24KB - Virtual size: 23KB

.rdata Size: 4KB - Virtual size: 3KB

.data Size: 4KB - Virtual size: 8KB

.text
Size: 24KB - Virtual size: 23KB

.rdata
Size: 4KB - Virtual size: 3KB

.data
Size: 4KB - Virtual size: 8KB