139ff8c145ba2e2d8a39adc39dcdb5a8_JaffaCakes118

General

Target

139ff8c145ba2e2d8a39adc39dcdb5a8_JaffaCakes118
Size

1.1MB
MD5

139ff8c145ba2e2d8a39adc39dcdb5a8
SHA1

52cae5ecc2e5b5a656159c2bee3129f3b1cba6c0
SHA256

2840ad9a78f4914bfee22f993b23951121ddba5aac85bb348df4cab89ddcd9ba
SHA512

a7c3a44a5365957db18d667df24fcae6a3a6e3b6798d31bd295c50d329affe332a211a37865676b88b926586cdf2a5c21f2fe25c6eb6dd41d98711cf340b1c55
SSDEEP

24576:PrZpixYa8sWA+QeyILBmQcWRthsB3oOMsGUReDBr5U4:X/vYey/9WVsBXMsxReFC4

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
139ff8c145ba2e2d8a39adc39dcdb5a8_JaffaCakes118

Files

139ff8c145ba2e2d8a39adc39dcdb5a8_JaffaCakes118
.exe windows:5 windows x86 arch:x86

606c52fc30a67617ba6fe91d22705ea8

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

msvcrt

_controlfp
_except_handler3
__set_app_type
__p__fmode
__p__commode
_adjust_fdiv
__setusermatherr
_initterm
__wgetmainargs
_exit
__p___winitenv
exit
_XcptFilter

kernel32

WideCharToMultiByte
FreeConsole
GetUserDefaultLCID
GetLocaleInfoW
GetCPInfo
CreateFileW
FindResourceW
LoadLibraryExW
lstrlenW
lstrcmpW
SystemTimeToFileTime
GetSystemInfo
MulDiv
CloseHandle
SetEndOfFile
GetFileType
GetProcAddress
VirtualAlloc
HeapAlloc
GetCurrentThreadId
GetLastError
InitializeCriticalSection
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
ReleaseSemaphore
LoadResource

secur32

FreeCredentialsHandle

shell32

SHGetPathFromIDListW
CommandLineToArgvW
DragAcceptFiles
DragFinish

oleaut32

VariantCopy
CreateErrorInfo
GetErrorInfo
SetErrorInfo
RegisterTypeLi
LoadTypeLi
VarNot
SysAllocStringLen
SysReAllocStringLen
SysStringLen
SafeArrayCreate
SafeArrayRedim
SafeArrayUnaccessData
SafeArrayGetElement
SafeArrayPutElement
SafeArrayPtrOfIndex
VariantClear
VariantCopyInd
VariantChangeType
VarI4FromStr
VarR8FromStr
VarDateFromStr
VarCyFromStr
VarBstrFromCy
VarBstrFromBool
VarBoolFromStr
VarNeg

Sections

.text
Size: 43KB - Virtual size: 42KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 420KB - Virtual size: 7.7MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rd8f
Size: 314KB - Virtual size: 314KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 379KB - Virtual size: 379KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

606c52fc30a67617ba6fe91d22705ea8

Headers

File Characteristics

Imports

msvcrt

kernel32

secur32

shell32

oleaut32

Sections

.text Size: 43KB - Virtual size: 42KB

.rdata Size: 2KB - Virtual size: 1KB

.data Size: 420KB - Virtual size: 7.7MB

.rd8f Size: 314KB - Virtual size: 314KB

.rsrc Size: 379KB - Virtual size: 379KB

.text
Size: 43KB - Virtual size: 42KB

.rdata
Size: 2KB - Virtual size: 1KB

.data
Size: 420KB - Virtual size: 7.7MB

.rd8f
Size: 314KB - Virtual size: 314KB

.rsrc
Size: 379KB - Virtual size: 379KB