401523be94843104f7afbb5bb7fa4acf_JaffaCakes118

General

Target

401523be94843104f7afbb5bb7fa4acf_JaffaCakes118
Size

821KB
MD5

401523be94843104f7afbb5bb7fa4acf
SHA1

3cec7985672568da32f2b6f0d6994a4f7830cc46
SHA256

24cc5613c93e1c2e3ce75e5f49f313fca2d2fafa2a7a4300549d023696a38e82
SHA512

70e1ce6bb726a2c7bc901c82e04c10494fd2c51e1ef563e6e52626096544e8bfb76ae3011d340ade999cd573ecb1854b6dd84a441c2b7fdfa11eb5c45cb73b1f
SSDEEP

12288:kLL97t0XNbr8IUT+fFmNnj5pkXfOdg1WhKHYiBdEcY/KV4821EUTEW:o9EexWFmN/k+sWQHYiBy9CmUUTh

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
401523be94843104f7afbb5bb7fa4acf_JaffaCakes118

Files

401523be94843104f7afbb5bb7fa4acf_JaffaCakes118
.exe windows:5 windows x86 arch:x86

60dff75b7af7140266f0c93be2946ccf

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

winspool.drv

XcvDataW
DeleteMonitorW
EndPagePrinter
StartDocPrinterW
GetSpoolFileHandle

kernel32

WriteConsoleW
SetFilePointerEx
SetStdHandle
GetConsoleMode
GetConsoleCP
LocalFree
VirtualAlloc
GetEnvironmentStringsW
GetCurrentThreadId
GetLastError
InitializeCriticalSection
ReleaseSemaphore
SetFilePointer
FindClose
CloseHandle
GetCommConfig
GetSystemTime
GetLocalTime
GetSystemInfo
FormatMessageW
lstrlenW
CreateMutexW
CreateEventW
GetModuleFileNameW
GetCommandLineW
GetTempPathW
GetFullPathNameW
FindFirstFileW
MoveFileWithProgressW
BuildCommDCBW
QueryPerformanceCounter
GetOEMCP
MultiByteToWideChar
WideCharToMultiByte
GetThreadLocale
GetStringTypeW
GetConsoleWindow
FlushFileBuffers
LCMapStringW
IsProcessorFeaturePresent
SetLastError
EncodePointer
DecodePointer
ExitProcess
GetModuleHandleExW
GetProcAddress
CreateFileW
GetProcessHeap
GetStdHandle
GetFileType
DeleteCriticalSection
GetStartupInfoW
WriteFile
GetCurrentProcessId
GetSystemTimeAsFileTime
FreeEnvironmentStringsW
UnhandledExceptionFilter
SetUnhandledExceptionFilter
InitializeCriticalSectionAndSpinCount
Sleep
GetCurrentProcess
TerminateProcess
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GetModuleHandleW
EnterCriticalSection
LeaveCriticalSection
HeapFree
IsValidCodePage
GetACP
GetCPInfo
IsDebuggerPresent
LoadLibraryExW
RtlUnwind
OutputDebugStringW
HeapAlloc
HeapReAlloc
HeapSize

user32

PackDDElParam
InflateRect
GetMenuDefaultItem
IsCharAlphaNumericW
MoveWindow

Sections

.text
Size: 62KB - Virtual size: 62KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 749KB - Virtual size: 749KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 6.6MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

60dff75b7af7140266f0c93be2946ccf

Headers

File Characteristics

Imports

winspool.drv

kernel32

user32

Sections

.text Size: 62KB - Virtual size: 62KB

.rdata Size: 749KB - Virtual size: 749KB

.data Size: 8KB - Virtual size: 6.6MB

.text
Size: 62KB - Virtual size: 62KB

.rdata
Size: 749KB - Virtual size: 749KB

.data
Size: 8KB - Virtual size: 6.6MB