f4aeaf9f1d1f48652b8e3d0e1d315950_JaffaCakes118

General

Target

f4aeaf9f1d1f48652b8e3d0e1d315950_JaffaCakes118
Size

231KB
MD5

f4aeaf9f1d1f48652b8e3d0e1d315950
SHA1

f51ddb36020703d8dc46b1b498b6e9a3ca3409ac
SHA256

096be2d49d945e256d3effa0378e43407a5e6504e77ecd9635497d5eea21425f
SHA512

1161442fcd870a01da4042dd93d54475742eb2e77c9025b25fb56428153aa62a7b48efaec1c537ad4039c11727a9732151487fe231f5ba41bc91b5bea7512113
SSDEEP

6144:a01jkBqJz80Tsxk4O+JlsESUTDSy7GwP9FA:aAoBczZstO+JlhnTDSyyw1e

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
f4aeaf9f1d1f48652b8e3d0e1d315950_JaffaCakes118

Files

f4aeaf9f1d1f48652b8e3d0e1d315950_JaffaCakes118
.exe windows:4 windows x86 arch:x86

1a71e523c84d2655b90563849a12bd82

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

LCMapStringW
TlsGetValue
UnhandledExceptionFilter
GetLogicalDriveStringsA
GetProcAddress
VirtualFree
HeapReAlloc
TlsFree
DeleteCriticalSection
IsBadWritePtr
GetCurrentProcessId
HeapAlloc
CreateSemaphoreW
GetOEMCP
LCMapStringA
GetModuleHandleA
WideCharToMultiByte
OpenSemaphoreA
GetFileType
InterlockedExchange
GetStringTypeA
SetLastError
FreeEnvironmentStringsA
SetHandleCount
AddAtomA
FreeEnvironmentStringsW
HeapDestroy
SetEnvironmentVariableW
GetPrivateProfileIntW
ExitProcess
GetTickCount
SetConsoleCP
TlsAlloc
HeapFree
GetCurrentThread
GetModuleFileNameA
LeaveCriticalSection
LoadLibraryA
QueryPerformanceCounter
GetCommandLineA
VirtualAlloc
GlobalAddAtomA
EnterCriticalSection
VirtualQuery
GetCurrentProcess
TerminateProcess
GetCurrentThreadId
RtlUnwind
GetEnvironmentStrings
GetStartupInfoA
GetVersion
InitializeCriticalSection
GlobalFree
TlsSetValue
GetACP
GetSystemTimeAsFileTime
GetEnvironmentStringsW
WriteFile
SetFileAttributesA
GetLastError
GetStdHandle
FindAtomA
GetUserDefaultLangID
HeapCreate
MultiByteToWideChar
EnumCalendarInfoExW
GetStringTypeW
GetCPInfo
GetDiskFreeSpaceA

shell32

ShellAboutW
DragFinish
SheSetCurDrive
DoEnvironmentSubstW
ExtractAssociatedIconA
SHFileOperationA
InternalExtractIconListA
SHQueryRecycleBinW
SHGetFileInfo
SHInvokePrinterCommandA
SHGetNewLinkInfo
SHGetDataFromIDListA
SheGetDirA
FindExecutableA
ExtractIconEx
DragAcceptFiles
DuplicateIcon
DragQueryFileA
SHGetPathFromIDListW
ExtractIconExA
SheChangeDirA
ShellExecuteExW
SHBrowseForFolder
SHFreeNameMappings
SHFormatDrive

Sections

.text
Size: 110KB - Virtual size: 110KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 106KB - Virtual size: 119KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 13KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

1a71e523c84d2655b90563849a12bd82

Headers

File Characteristics

Imports

kernel32

shell32

Sections

.text Size: 110KB - Virtual size: 110KB

.data Size: 106KB - Virtual size: 119KB

.rsrc Size: 13KB - Virtual size: 13KB

.text
Size: 110KB - Virtual size: 110KB

.data
Size: 106KB - Virtual size: 119KB

.rsrc
Size: 13KB - Virtual size: 13KB