fa6cfa39554ffdf7a2eec5f05850d8dc_JaffaCakes118

General

Target

fa6cfa39554ffdf7a2eec5f05850d8dc_JaffaCakes118
Size

23KB
MD5

fa6cfa39554ffdf7a2eec5f05850d8dc
SHA1

0fb615b4f6072e1a1d37f3e8a818a6fd99bca9c8
SHA256

d07ac8cd42128cd964cad1bef6f45f27ef6b769d93134a8ae855c0fb4288e494
SHA512

502484b391828e7833edadc94c30abbafe96f633e529e090e64d62cbe2ce05fb2612ac32742d5d38a0696a8806ae687178b69f679f8b404c3fa2df4fa3e32550
SSDEEP

384:3tV6j0o1y0BD2RbFCrSlFGpW1nbSXtuj87K/vSmNnnFbmuZYc2TXX:/O1yKUbFNKW1+XtutnnFKuqzXX

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
fa6cfa39554ffdf7a2eec5f05850d8dc_JaffaCakes118

Files

fa6cfa39554ffdf7a2eec5f05850d8dc_JaffaCakes118
.exe windows:5 windows x86 arch:x86

f344a024cf2fc64b84a7d738db192a8a

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

advapi32

ReadEncryptedFileRaw
PrivilegedServiceAuditAlarmW
LsaLookupPrivilegeDisplayName
CryptGetDefaultProviderW
LsaGetUserName
EnumServicesStatusExW
EqualDomainSid
LsaRetrievePrivateData
CloseEncryptedFileRaw

kernel32

CreateDirectoryExA
GetEnvironmentStrings
FindFirstFileExW
CancelIo
SearchPathW
GetCurrentProcess
GetCommProperties
WriteConsoleInputVDMW
GetProcessAffinityMask
ReadConsoleInputW
SetFileTime
WaitForMultipleObjects
WriteProfileStringA
LeaveCriticalSection
GetWriteWatch

ole32

OleDestroyMenuDescriptor
CreateBindCtx
OpenOrCreateStream
HBITMAP_UserFree
CreateStdProgressIndicator
HBRUSH_UserFree
StgOpenStorageOnHandle

user32

GetClassInfoW
IsDialogMessageW
CharToOemW
GetWinStationInfo
UserLpkTabbedTextOut
DrawCaption
GetUserObjectInformationW
GetWindowModuleFileNameW

gdi32

GetFontData
CreateScalableFontResourceA
EngDeleteClip
SetICMProfileA
SetWinMetaFileBits
GdiIsMetaPrintDC

msvcrt

floor
_set_sbh_threshold
_ismbbpunct
gets
strncmp
_tolower
_wfindfirsti64
raise
_safe_fprem1
remove

Sections

.text
Size: 19KB - Virtual size: 19KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

f344a024cf2fc64b84a7d738db192a8a

Headers

DLL Characteristics

File Characteristics

Imports

advapi32

kernel32

ole32

user32

gdi32

msvcrt

Sections

.text Size: 19KB - Virtual size: 19KB

.data Size: 2KB - Virtual size: 2KB

.rsrc Size: 1024B - Virtual size: 4KB

.text
Size: 19KB - Virtual size: 19KB

.data
Size: 2KB - Virtual size: 2KB

.rsrc
Size: 1024B - Virtual size: 4KB