f7c46baec0931f1bf7f8d48477315b47_JaffaCakes118

General

Target

f7c46baec0931f1bf7f8d48477315b47_JaffaCakes118
Size

414KB
MD5

f7c46baec0931f1bf7f8d48477315b47
SHA1

4b63dfff9b3387b7f85ea72b3f3902e664789435
SHA256

27d26ea50e6e9fb803a3b25997af9e6784b6ccde8292a775b31cdef0f5f5e29f
SHA512

a4c1ec17a2b759338a5dc0b1a844d10ef0a22f57e8718e11ec7dc0e8ec3298e76d7a80950cfa6fa7e3813db3f7d8b4b3881f2965ab146163c18a6f5b63e4ff57
SSDEEP

12288:KUmGtqvgVDMU+neMx+/CDSZgqzYisO4YICROJ70FRqkPduKu+M:Kwty2OqVsxvCkYbq5j+

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
f7c46baec0931f1bf7f8d48477315b47_JaffaCakes118

Files

f7c46baec0931f1bf7f8d48477315b47_JaffaCakes118
.exe windows:4 windows x86 arch:x86

2827f1c283737a34b972979e0b31928d

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetModuleFileNameW
GetTimeFormatA
GetUserDefaultLCID
MultiByteToWideChar
GetProcAddress
GetVersionExA
HeapReAlloc
SetHandleCount
FindAtomW
GetLocaleInfoA
GetCurrentProcessId
TlsAlloc
SetEvent
GetCPInfo
TlsFree
VirtualProtect
HeapCreate
AddAtomA
TlsGetValue
WideCharToMultiByte
GetCurrentThread
UnhandledExceptionFilter
CompareStringA
GetStartupInfoW
HeapSize
GetProcessAffinityMask
GetFileType
DuplicateHandle
GlobalCompact
ExitProcess
GetTickCount
FreeLibraryAndExitThread
SetLastError
HeapFree
EnumSystemLocalesA
GetModuleFileNameA
GetOEMCP
LoadLibraryA
QueryPerformanceCounter
EnterCriticalSection
VirtualAlloc
LocalUnlock
GetSystemInfo
VirtualFree
GetCurrentProcess
TerminateProcess
GetCurrentThreadId
RtlUnwind
FreeEnvironmentStringsA
GetCommandLineA
GetEnvironmentStrings
LCMapStringA
TlsSetValue
GetTimeZoneInformation
CompareStringW
GetSystemTimeAsFileTime
FreeEnvironmentStringsW
LocalCompact
GetDiskFreeSpaceW
GetACP
GetCommandLineW
GetProcAddress
LeaveCriticalSection
InitializeCriticalSection
GetStartupInfoA
FindNextFileA
GetDateFormatA
LCMapStringW
RaiseException
GetStringTypeW
SetEnvironmentVariableA
GetEnvironmentStringsW
FileTimeToLocalFileTime
InterlockedExchange
GetLocaleInfoW
WriteFile
DeleteCriticalSection
IsBadWritePtr
SetStdHandle
MapViewOfFileEx
HeapDestroy
GetStringTypeA
HeapAlloc
IsValidLocale
ReadFileEx
DeleteAtom
GetStdHandle
VirtualQuery
GetModuleHandleA
IsValidCodePage
GetLastError

shell32

DragQueryFileAorW
SHGetMalloc
DoEnvironmentSubstA
SHGetSpecialFolderPathW
FindExecutableA
SHChangeNotify
ExtractIconA
SHLoadInProc
ExtractIconW
DuplicateIcon
SHGetSettings

Sections

.text
Size: 130KB - Virtual size: 129KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 274KB - Virtual size: 289KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 9KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

2827f1c283737a34b972979e0b31928d

Headers

File Characteristics

Imports

kernel32

shell32

Sections

.text Size: 130KB - Virtual size: 129KB

.data Size: 274KB - Virtual size: 289KB

.rsrc Size: 9KB - Virtual size: 9KB

.text
Size: 130KB - Virtual size: 129KB

.data
Size: 274KB - Virtual size: 289KB

.rsrc
Size: 9KB - Virtual size: 9KB