f31e625570cdb72d7ff6655c0c1f07a9_JaffaCakes118

General

Target

f31e625570cdb72d7ff6655c0c1f07a9_JaffaCakes118
Size

175KB
MD5

f31e625570cdb72d7ff6655c0c1f07a9
SHA1

7315d6541a1a6af9fb778d1742bdd690a76c9726
SHA256

1843a48e711c316bcea8d1147aec6bb4cd6ba82f5f9ea1fbd1cb562ecb542791
SHA512

185aa7ac76715fa681d3b5d3b4d1bc3e3daca1a156fdf91579b34641d56a6027c44acb1929983a6b0dde34c2cc67095f123449ef129f981e27a5ac75673467df
SSDEEP

3072:MdGXmmfdNLMF88L4WJk90HxozECnZEqnjGVAdG9iXluLLOyK5kkQnlYysVxx+3wK:MNmf7v8LXZHyg0HnjvG4XlIL85kktysi

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

Processes:

resource
f31e625570cdb72d7ff6655c0c1f07a9_JaffaCakes118

Files

f31e625570cdb72d7ff6655c0c1f07a9_JaffaCakes118
.exe windows:5 windows x86 arch:x86

f02947566b84c768ab7f0589c821ed5b

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED

Imports

ddraela3

_Tolower
_Exp
_Toupper
_Dscale
_Poly
_LNan
_FCosh
_Getcvt
_FInf
_FDnorm
_Rteps

kernel32

WaitForSingleObject
ReadDirectoryChangesW
GetVersion
GetCommandLineW
lstrcmpW
CreateFileW
InterlockedIncrement
FindClose
FreeLibrary
HeapSetInformation
HeapReAlloc
GetCurrentProcessId
InterlockedDecrement
GlobalFree
ExpandEnvironmentStringsW
GlobalLock
CreateEventW
VirtualAlloc
GetPriorityClass
FindNextVolumeW
lstrlenW
VirtualFree
SleepEx
GetModuleFileNameW
GetFullPathNameW
CloseHandle
ExitProcess
LoadLibraryExW
GlobalAlloc
LocalAlloc
DeleteFileW

user32

GetWindowLongA
GetWindowPlacement
GetDC
IsWindowEnabled
GetKeyState
LoadImageW
GetDlgCtrlID
ReleaseCapture
CreateDialogParamW
SetWindowLongW
CharNextW
SendMessageA
CreateAcceleratorTableW
DrawTextExW
MoveWindow
SetRectEmpty
GetSubMenu
GetWindowDC
SystemParametersInfoW
EnableMenuItem
TranslateMessage
MonitorFromPoint
WindowFromPoint
RegisterWindowMessageW
GetParent

ntdll

NtQueryInformationFile
NtQueryInformationFile
NtReleaseMutant
NtReleaseSemaphore
NtOpenEventPair
NtPowerInformation
NtClearEvent
NtCancelTimer
NtOpenFile

Sections

.text
Size: 19KB - Virtual size: 19KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 37KB - Virtual size: 36KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 118KB - Virtual size: 120KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

f02947566b84c768ab7f0589c821ed5b

Headers

DLL Characteristics

File Characteristics

Imports

ddraela3

kernel32

user32

ntdll

Sections

.text Size: 19KB - Virtual size: 19KB

.data Size: 37KB - Virtual size: 36KB

.rsrc Size: 118KB - Virtual size: 120KB

.text
Size: 19KB - Virtual size: 19KB

.data
Size: 37KB - Virtual size: 36KB

.rsrc
Size: 118KB - Virtual size: 120KB