7ec0decf55d3ce9bf112ca4bdcb7db02_JaffaCakes118

General

Target

7ec0decf55d3ce9bf112ca4bdcb7db02_JaffaCakes118
Size

361KB
MD5

7ec0decf55d3ce9bf112ca4bdcb7db02
SHA1

a7e40979878f0afb813a429f3d644cebe257740e
SHA256

f92625cc11494c0c5d265ed331354338c45c05658323cfae8ff4a8099351ae05
SHA512

81cc2986d1c2f1f395e78f772c92ae4cd8253ba365a73433ce61615d02349f652530704c76bd046ebf135615ef5fcf727aea4d42cffded511312d541bfb464dc
SSDEEP

6144:Ohq8rHjQ2sFvI5TqMp1bKGZRSj2DvaAAFFWaYUk+nB9kHA0Xm5duA+fbT+U/vnC:OhbTsFvG5KWRSSGAAFsa1dB9kHAEfA+y

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
7ec0decf55d3ce9bf112ca4bdcb7db02_JaffaCakes118

Files

7ec0decf55d3ce9bf112ca4bdcb7db02_JaffaCakes118
.exe windows:4 windows x86 arch:x86

c3a7a420ad4c8848ab000fd9317a003f

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE

Imports

msvcrt

free
malloc
isprint
sprintf
sscanf
mbstowcs
_wcsicmp
wcscmp

ntdll

NtQuerySystemInformation
NtOpenThreadToken
NtOpenProcessToken
RtlTimeToElapsedTimeFields
RtlConvertSidToUnicodeString
NtQueryIoCompletion
NtQueryKey
NtQuerySection
NtQueryTimer
NtQueryMutant
NtQuerySemaphore
NtQueryEvent
RtlCreateUnicodeStringFromAsciiz
RtlFreeUnicodeString
NtQueryInformationToken
NtQueryInformationThread
NtQueryInformationProcess
NtDuplicateObject
NtQueryObject
NtClose
RtlFreeHeap
RtlAllocateHeap
NtQueryInformationAtom
RtlNtStatusToDosError
LdrGetDllHandle

kernel32

LocalAlloc
LocalFree
GetVersionExA
GetLastError
GetModuleHandleA
FormatMessageA
FileTimeToLocalFileTime
FileTimeToSystemTime
lstrcmpiA
lstrcmpA
ExpandEnvironmentStringsA
lstrlenA
GetSystemTimeAsFileTime
VirtualQueryEx
GetCurrentProcess
DuplicateHandle
GetProcAddress
LoadLibraryA

advapi32

RegQueryValueExA
RegOpenKeyExA
LookupAccountSidW
RegEnumKeyExA
RegEnumValueA
RegQueryInfoKeyA
RegCloseKey

Sections

.text
Size: 46KB - Virtual size: 45KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 311KB - Virtual size: 401KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1024B - Virtual size: 692B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

c3a7a420ad4c8848ab000fd9317a003f

Headers

File Characteristics

Imports

msvcrt

ntdll

kernel32

advapi32

Sections

.text Size: 46KB - Virtual size: 45KB

.data Size: 311KB - Virtual size: 401KB

.rdata Size: 2KB - Virtual size: 1KB

.rsrc Size: 1024B - Virtual size: 692B

.text
Size: 46KB - Virtual size: 45KB

.data
Size: 311KB - Virtual size: 401KB

.rdata
Size: 2KB - Virtual size: 1KB

.rsrc
Size: 1024B - Virtual size: 692B