f48b6465a19ed9ccc8ee91eb1ed50746_JaffaCakes118

General

Target

f48b6465a19ed9ccc8ee91eb1ed50746_JaffaCakes118
Size

178KB
MD5

f48b6465a19ed9ccc8ee91eb1ed50746
SHA1

5516df1e0aac6b3e5139fbfab05b81deb8780a79
SHA256

e21f3814236f3ea6a82319d891b71fe298d9cbab50ff0b1f4f64159cc1a657e3
SHA512

ad6e57895abcc7fb0a96f73e2144df7279289f7ebe712b2b21cb0552867f9f08428232d48f14bd2d9c84b5177369dbb9590fab365ec30791e09f53f6237df067
SSDEEP

3072:L+N6GwOo1D8936jJvGZmUO9smtOlvm0t6c1E7xHghRgrsWg+X1Q3O2:LU1wu0hm1E7xHghRgrbvQe

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
f48b6465a19ed9ccc8ee91eb1ed50746_JaffaCakes118

Files

f48b6465a19ed9ccc8ee91eb1ed50746_JaffaCakes118
.exe windows:4 windows x86 arch:x86

5e9ad2fac29e98571da65f14eebbc6a5

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

FreeLibrary
GetTickCount
DisableThreadLibraryCalls
InitializeCriticalSection
DosPathToSessionPathW
SetProcessAffinityMask
GetVersionExA
InterlockedExchange
MultiByteToWideChar
GetModuleFileNameA
GetProcessAffinityMask
QueryPerformanceCounter
GetProcessId
InterlockedDecrement
GetVolumeInformationW
WideCharToMultiByte
EnumResourceTypesA
GetLastError
GetThreadLocale
GetCurrentProcess
GetCurrentProcessId
DeleteFileW
CreateFileW
CloseHandle
ProcessIdToSessionId
GetLocalTime
WaitForSingleObject
GetDiskFreeSpaceExW
ExitProcess
InterlockedIncrement
GetCurrentThreadId
lstrlenA
GetACP
GetSystemTimeAsFileTime
GetFileSize
DeleteCriticalSection
GetLocaleInfoA
DeleteFileA

advapi32

RegSetValueA
RegSetValueExA
RegEnumKeyExA
RegCreateKeyA
RegDeleteKeyA
RegQueryValueExA
RegCreateKeyExA
RegOpenKeyExA
RegCloseKey

ole32

CoTaskMemFree
CoFreeUnusedLibraries
CoTaskMemAlloc
CoCreateInstance
StringFromGUID2
CoInitialize
CoUninitialize

user32

SendMessageA
DispatchMessageA
PostMessageA
TranslateMessage
PeekMessageA
wsprintfA

gdiplus

GdipCreateHBITMAPFromBitmap
GdipCloneImage

Sections

.text
Size: 107KB - Virtual size: 107KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 67KB - Virtual size: 67KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 1024B - Virtual size: 72KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

5e9ad2fac29e98571da65f14eebbc6a5

Headers

File Characteristics

Imports

kernel32

advapi32

ole32

user32

gdiplus

Sections

.text Size: 107KB - Virtual size: 107KB

.rdata Size: 2KB - Virtual size: 1KB

.data Size: 67KB - Virtual size: 67KB

.tls Size: 1024B - Virtual size: 72KB

.text
Size: 107KB - Virtual size: 107KB

.rdata
Size: 2KB - Virtual size: 1KB

.data
Size: 67KB - Virtual size: 67KB

.tls
Size: 1024B - Virtual size: 72KB