ffa776d25ed0c4f90d3589e41c4383bf_JaffaCakes118

General

Target

ffa776d25ed0c4f90d3589e41c4383bf_JaffaCakes118
Size

397KB
MD5

ffa776d25ed0c4f90d3589e41c4383bf
SHA1

5d1a77c65ce79b1fe83e506c4cd26af35d7adf8b
SHA256

1e590dad10ace55032d3e37e9505a99904ed518aa675c074813783da8979ec68
SHA512

9d36e69d9b23d146908194e084520f997e1e6b94a914268627c81b450401d11b709f47fcf29443896b0beb07c787d1652c6e861139d2e82f855c27bb2ddedf61
SSDEEP

12288:vVZpNsA7c4MtWq5KGgYBQsWbMSATr69c:tZpNsA7CP8gBQBQwc

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
ffa776d25ed0c4f90d3589e41c4383bf_JaffaCakes118

Files

ffa776d25ed0c4f90d3589e41c4383bf_JaffaCakes118
.exe windows:4 windows x86 arch:x86

4f52dcbf4ae8e560ad3717bb1a97e4e6

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

VirtualQuery
CompareFileTime
GetEnvironmentStringsA
GetTempPathA
QueryPerformanceCounter
GetCurrentProcess
HeapAlloc
LoadLibraryA
FoldStringA
ExitProcess
Sleep
InterlockedExchangeAdd
GetStringTypeW
GetSystemTimeAsFileTime
InterlockedExchange
GetTickCount
GetCurrentProcessId
GetModuleHandleA
HeapFree
SetConsoleCP
RtlUnwind
TerminateProcess
GetModuleFileNameA
HeapReAlloc
SetConsoleCtrlHandler
GetCurrentThreadId
VirtualAlloc
GetProcAddress

wininet

FtpGetFileSize
GopherGetAttributeW
SetUrlCacheEntryGroupA

user32

EnumPropsExW
wsprintfW
DrawFrame
PostThreadMessageA

advapi32

CryptVerifySignatureW
LookupPrivilegeDisplayNameA
CryptAcquireContextW
CryptGetKeyParam
CryptSetProviderExW
RegRestoreKeyW
CryptDecrypt
LookupAccountSidW
InitiateSystemShutdownA
StartServiceA
RegDeleteValueW
CryptSetKeyParam
RegSaveKeyA
RegEnumKeyExA
CryptSetHashParam
CryptAcquireContextA
RegReplaceKeyA
StartServiceW
CryptSetProvParam
CryptGenRandom
RegSetValueA
RegSetValueExW
LookupPrivilegeValueW

Sections

.text
Size: 129KB - Virtual size: 128KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 265KB - Virtual size: 264KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

4f52dcbf4ae8e560ad3717bb1a97e4e6

Headers

File Characteristics

Imports

kernel32

wininet

user32

advapi32

Sections

.text Size: 129KB - Virtual size: 128KB

.data Size: 265KB - Virtual size: 264KB

.rsrc Size: 2KB - Virtual size: 2KB

.text
Size: 129KB - Virtual size: 128KB

.data
Size: 265KB - Virtual size: 264KB

.rsrc
Size: 2KB - Virtual size: 2KB