447da7a5e3546ce15e7dcd16133f4db6_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

447da7a5e3546ce15e7dcd16133f4db6_JaffaCakes118
Size

1.3MB
MD5

447da7a5e3546ce15e7dcd16133f4db6
SHA1

35cb7b63ae5971034914d82fad078cb0d4b9f107
SHA256

e28cb4874ddb9b138ee16e40c711de00619f41a957e245579cb69bc4fe0b88b1
SHA512

d1979e6c86dc8e099fa61c04491856e4f090fb9fb0a05e28be43dcc95865e4a7eec62864e652bad192baaaefa3c187c487fb83031bb0077d1033ce44c3084aea
SSDEEP

24576:wIJXpXUOkkBzEuUmLBs3Nn7BjlpOu3lXpX7OuHBU0qBfkkkkkkkxxQQGAVFlv:wIbO7mLm3Nn7BxwuH98BkxQQlrlv

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
447da7a5e3546ce15e7dcd16133f4db6_JaffaCakes118

Files

447da7a5e3546ce15e7dcd16133f4db6_JaffaCakes118
.exe windows:5 windows x86 arch:x86

cc72bb7a6bb34ad023bdd6ff6b985828

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

CloseHandle
SetEndOfFile
WriteFile
ReadFile
SetFilePointer
CreateFileA
WaitForSingleObject
CreateProcessA
GetCurrentDirectoryA
GetFileSize
GetShortPathNameA
GetModuleFileNameA
RtlUnwind
GetLastError
DeleteFileA
GetCommandLineA
HeapSetInformation
GetStartupInfoW
HeapFree
EncodePointer
TlsAlloc
TlsGetValue
TlsSetValue
DecodePointer
TlsFree
InterlockedIncrement
GetModuleHandleW
SetLastError
GetCurrentThreadId
InterlockedDecrement
GetProcAddress
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
IsProcessorFeaturePresent
HeapAlloc
RaiseException
ExitProcess
GetStdHandle
GetModuleFileNameW
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStringsW
SetHandleCount
InitializeCriticalSectionAndSpinCount
GetFileType
DeleteCriticalSection
HeapCreate
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime
LeaveCriticalSection
EnterCriticalSection
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
Sleep
HeapSize
LoadLibraryW
LCMapStringW
MultiByteToWideChar
GetStringTypeW
HeapReAlloc

user32

MessageBoxA

Sections

.text
Size: 27KB - Virtual size: 26KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 11KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 281KB - Virtual size: 280KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

cc72bb7a6bb34ad023bdd6ff6b985828

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

Sections

.text Size: 27KB - Virtual size: 26KB

.rdata Size: 11KB - Virtual size: 11KB

.data Size: 3KB - Virtual size: 6KB

.rsrc Size: 281KB - Virtual size: 280KB

.reloc Size: 5KB - Virtual size: 5KB

.text
Size: 27KB - Virtual size: 26KB

.rdata
Size: 11KB - Virtual size: 11KB

.data
Size: 3KB - Virtual size: 6KB

.rsrc
Size: 281KB - Virtual size: 280KB

.reloc
Size: 5KB - Virtual size: 5KB