f9ccdb026619981a8a4e105c33a0a242_JaffaCakes118

General

Target

f9ccdb026619981a8a4e105c33a0a242_JaffaCakes118
Size

71KB
MD5

f9ccdb026619981a8a4e105c33a0a242
SHA1

0ba798d059ec181c72bb3d31adc5bd25d741dd1f
SHA256

631a3a1c5d9e2411ef6f92c7c5f89466efac9446afa025843421fc65832f261f
SHA512

9abf0e98380640e68cc30dec4dde78f0f942fc84393d4cab234075f16bb97e05f4ab3df40ae8c9daea8349eb77b597eea1fd8b48924e00a50c5dd7b731122100
SSDEEP

384:baN2AoNfHBVqS3QiZrxtDSL3TyY/Yc4aj7HMuKKqFHkONFG1a9E1xq3UZU9w1xqn:b02AA7JBaHHMvEONc1a9WZU9qZU9

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
f9ccdb026619981a8a4e105c33a0a242_JaffaCakes118

Files

f9ccdb026619981a8a4e105c33a0a242_JaffaCakes118
.exe windows:5 windows x86 arch:x86

231403a3e56a721ea2dc77dda1867060

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

D:\TOOLS\Projects\Server\Release\Server.pdb

Imports

kernel32

GetProcAddress
LoadLibraryA
Sleep
GetCurrentProcessId
GetCurrentThreadId
GetTickCount
QueryPerformanceCounter
DecodePointer
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
EncodePointer
GetStartupInfoW
HeapSetInformation
InterlockedCompareExchange
InterlockedExchange
GetSystemTimeAsFileTime

msvcr100

_initterm_e
_configthreadlocale
__setusermatherr
_commode
_fmode
__set_app_type
_crt_debugger_hook
_initterm
?_type_info_dtor_internal_method@type_info@@QAEXXZ
_unlock
__dllonexit
_lock
_onexit
_except_handler4_common
_invoke_watson
_controlfp_s
memset
__CxxFrameHandler3
_acmdln
exit
_ismbblead
_XcptFilter
_exit
_cexit
__getmainargs
_amsg_exit
strstr
strrchr
??3@YAXPAX@Z
malloc
??2@YAPAXI@Z
free
realloc
?terminate@@YAXXZ
_stricmp
_CxxThrowException
memcpy

imagehlp

MakeSureDirectoryPathExists

Sections

.text
Size: 12KB - Virtual size: 11KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 48KB - Virtual size: 48KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

231403a3e56a721ea2dc77dda1867060

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

msvcr100

imagehlp

Sections

.text Size: 12KB - Virtual size: 11KB

.rdata Size: 5KB - Virtual size: 4KB

.data Size: 3KB - Virtual size: 3KB

.rsrc Size: 48KB - Virtual size: 48KB

.reloc Size: 2KB - Virtual size: 1KB

.text
Size: 12KB - Virtual size: 11KB

.rdata
Size: 5KB - Virtual size: 4KB

.data
Size: 3KB - Virtual size: 3KB

.rsrc
Size: 48KB - Virtual size: 48KB

.reloc
Size: 2KB - Virtual size: 1KB