e93bcfde5c5038126b691d0c72f63c5a_JaffaCakes118

General

Target

e93bcfde5c5038126b691d0c72f63c5a_JaffaCakes118
Size

153KB
MD5

e93bcfde5c5038126b691d0c72f63c5a
SHA1

da0bcd309a976d25f54f28be76260afaf733c615
SHA256

7d88fa96af794b11d7c4148022889c349d8028254af916a364aab83cfe84103b
SHA512

368f9dc5b8078bc80a0aa0c0087c3a84f2799988b225239b775461e1ca78dabd8f7954fc4a2ed942a430ff1074b768a83f3e3c1065454c22b7cf3ffa0239cdff
SSDEEP

1536:vKXEYhIY/GyRtcH8rnkzGYSY2su0yExggUfCPopBnLIwuzDSN0vanc1HHfwtkXg4:vKPWV/ufzBU3a0ycykImoEK0

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
e93bcfde5c5038126b691d0c72f63c5a_JaffaCakes118

Files

e93bcfde5c5038126b691d0c72f63c5a_JaffaCakes118
.exe windows:5 windows x86 arch:x86

e86d03a5fa56dd4a7ffb51faff70e1a6

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

ntdll

NtQueryVirtualMemory
RtlUnwind
NtSetContextThread
NtGetContextThread
ZwQueryInformationProcess
RtlNtStatusToDosError
ZwClose
NtUnmapViewOfSection
NtMapViewOfSection
NtCreateSection
memcpy
memset

shlwapi

StrChrA
StrRChrA
PathCombineW

psapi

EnumProcessModules

kernel32

WriteProcessMemory
GetFileSize
LoadLibraryA
FreeLibrary
lstrcmpA
LeaveCriticalSection
EnterCriticalSection
VirtualProtect
CreateFileA
GetModuleFileNameA
lstrlenA
lstrcatA
lstrcpyA
lstrcmpiA
SetFilePointer
GetCurrentProcess
VirtualAllocEx
LocalAlloc
LocalFree
CloseHandle
GetModuleFileNameW
GetModuleHandleA
CreateProcessW
VirtualProtectEx
OpenProcess
GetCurrentProcessId
SwitchToThread
GetLastError
ReadProcessMemory
VirtualFree
GetThreadContext
SuspendThread
ResumeThread
Sleep
GetModuleHandleW
GetVersion
CreateEventA
GetProcAddress
VirtualAlloc
ReadFile

shell32

SHGetFolderPathW

Sections

.text
Size: 14KB - Virtual size: 13KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 518KB - Virtual size: 518KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 1024B - Virtual size: 880B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

e86d03a5fa56dd4a7ffb51faff70e1a6

Headers

DLL Characteristics

File Characteristics

Imports

ntdll

shlwapi

psapi

kernel32

shell32

Sections

.text Size: 14KB - Virtual size: 13KB

.rdata Size: 2KB - Virtual size: 2KB

.data Size: 518KB - Virtual size: 518KB

.reloc Size: 1024B - Virtual size: 880B

.text
Size: 14KB - Virtual size: 13KB

.rdata
Size: 2KB - Virtual size: 2KB

.data
Size: 518KB - Virtual size: 518KB

.reloc
Size: 1024B - Virtual size: 880B