edc623389ea7cfe31884a79821e21b69_JaffaCakes118

General

Target

edc623389ea7cfe31884a79821e21b69_JaffaCakes118
Size

146KB
MD5

edc623389ea7cfe31884a79821e21b69
SHA1

a45eb688b48feb67e942f1a5c0f3ddb897068b12
SHA256

88cd987421b7810d571cd91ea722eb2731a83c2425a7bf8b0d47480ab7a70af9
SHA512

ced0179d5ff54f3c12824872d85e3c4798471af9e1e24d38afed0f400cc1e044a9d8642ca27e0dab85094c932d95b529198aaf00bd75c8c68939f7d41c1a16ce
SSDEEP

3072:LTIOYS71IE6d4WfgJ+Og07Iw3S5GHVvANfuaZyIYlfxu/YWcShby:LkdS10dtfgrg0v33VoNfuaWfQYYby

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
edc623389ea7cfe31884a79821e21b69_JaffaCakes118

Files

edc623389ea7cfe31884a79821e21b69_JaffaCakes118
.exe windows:5 windows x86 arch:x86

9e53f669aa2e0a48adea061a9b40c13b

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

api-cca

_Getcvt
_Dnorm
_FDscale
_LInf
_LSinh
_FDenorm
_Strxfrm

user32

DrawFocusRect
EndDialog
CreateAcceleratorTableW
SendMessageA
UnregisterClassA
GetClassInfoExW
EnableMenuItem
PeekMessageW
DrawTextExW
TranslateAcceleratorW
TrackPopupMenuEx
LoadIconW
LoadStringW
GetParent
SetRectEmpty
SetProcessDefaultLayout
CharNextW
CallNextHookEx
MonitorFromPoint

gdi32

BitBlt
DeleteObject
GetObjectA
CreateCompatibleBitmap
GetStockObject

shell32

SHCreateQueryCancelAutoPlayMoniker
SHGetFolderPathW
SHGetPathFromIDListW
ord190

msvcrt

_XcptFilter
_cexit
realloc
_wfopen
_amsg_exit
_unlock
__getmainargs
memset
qsort

kernel32

VirtualFree
CloseHandle
VirtualProtect
lstrlenA
GlobalLock
SleepEx
EnterCriticalSection
GetPriorityClass
CreateEventW
InitializeCriticalSection
Sleep
GetCommandLineW
GlobalAlloc
LocalAlloc
HeapDestroy
FindVolumeClose
GetCurrentThreadId
GetCurrentThread
InterlockedExchangeAdd

ntdll

NtOpenDirectoryObject
NtOpenEventPair
NtReleaseMutant
NtOpenMutant
NtClose
NtQueryInformationFile
NtOpenSemaphore
NtQueryObject

Sections

.text
Size: 15KB - Virtual size: 15KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 33KB - Virtual size: 32KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 96KB - Virtual size: 100KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

9e53f669aa2e0a48adea061a9b40c13b

Headers

DLL Characteristics

File Characteristics

Imports

api-cca

user32

gdi32

shell32

msvcrt

kernel32

ntdll

Sections

.text Size: 15KB - Virtual size: 15KB

.data Size: 33KB - Virtual size: 32KB

.rsrc Size: 96KB - Virtual size: 100KB

.text
Size: 15KB - Virtual size: 15KB

.data
Size: 33KB - Virtual size: 32KB

.rsrc
Size: 96KB - Virtual size: 100KB