f8799fba66c1deab08f7b66d3b7551fd_JaffaCakes118

General

Target

f8799fba66c1deab08f7b66d3b7551fd_JaffaCakes118
Size

388KB
MD5

f8799fba66c1deab08f7b66d3b7551fd
SHA1

364841584e6ada3a4dc8cf7eb40f6501239a92c2
SHA256

9c77cddf87b5f0ef80329e606f509d0b4e63ac1ae247b10a25f1fe692b15cd3c
SHA512

2dd79100d947d089ba4ec8e14d5b4d210ad203873d6162aa83bd3bc219808082e24c70253c74793c3438a93e0010f5bd8add0dfb7edeb224c5d90067df394140
SSDEEP

6144:eiP/bisYvhudOYt8hIStHm28FOxdk5SPM7eQ4ay9r50aDPnCk4E42G3E74:ec/2Rhud5wm2f/DPdj9rDCS5G3w

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
f8799fba66c1deab08f7b66d3b7551fd_JaffaCakes118

Files

f8799fba66c1deab08f7b66d3b7551fd_JaffaCakes118
.exe windows:4 windows x86 arch:x86

8173fdbac40b3d2d330e8039a786995f

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetCurrentProcessId
VirtualQuery
LoadLibraryA
GetShortPathNameW
RtlUnwind
GetLastError
QueryPerformanceCounter
GetCurrentProcess
GetProcAddress
VirtualAlloc
GetCurrentThreadId
GetDiskFreeSpaceExA
HeapReAlloc
HeapAlloc
GlobalAlloc
GetSystemTimeAsFileTime
HeapFree
InterlockedExchange
GetModuleFileNameA
TerminateProcess
GetModuleHandleA
ExitProcess
GetTickCount
OutputDebugStringA
EnumResourceLanguagesW

gdi32

UpdateICMRegKeyA
PolylineTo
SetBoundsRect
SetColorAdjustment
Arc
CreateDIBPatternBrushPt
GetCharWidthFloatA
GetOutlineTextMetricsA
TextOutA
GetAspectRatioFilterEx
GetICMProfileA
DrawEscape
CreateBitmapIndirect
GetObjectW
PtInRegion
GetTextColor
GetFontData
OffsetViewportOrgEx
CreateHalftonePalette
SetColorSpace
GetCurrentObject
PolyBezierTo
EqualRgn
GetPaletteEntries

advapi32

CryptHashData
CryptSetProviderExA
CryptSetProviderA
LookupPrivilegeValueA
StartServiceW
RegQueryValueExW
LookupSecurityDescriptorPartsA
RegRestoreKeyA
StartServiceA
CryptDuplicateKey
RegQueryValueA
RegDeleteValueW
CreateServiceA
CryptGenKey
RegQueryInfoKeyA
DuplicateTokenEx
RegQueryInfoKeyW

Sections

.text
Size: 113KB - Virtual size: 112KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 264KB - Virtual size: 263KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 10KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

8173fdbac40b3d2d330e8039a786995f

Headers

File Characteristics

Imports

kernel32

gdi32

advapi32

Sections

.text Size: 113KB - Virtual size: 112KB

.data Size: 264KB - Virtual size: 263KB

.rsrc Size: 10KB - Virtual size: 9KB

.text
Size: 113KB - Virtual size: 112KB

.data
Size: 264KB - Virtual size: 263KB

.rsrc
Size: 10KB - Virtual size: 9KB