87e3783f36e77a40a38bd9367b48957a_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

87e3783f36e77a40a38bd9367b48957a_JaffaCakes118
Size

603KB
MD5

87e3783f36e77a40a38bd9367b48957a
SHA1

9654561fa88a9e8564a29aa65889c2b8ba6f09cc
SHA256

3d4aa4275d09cc5d2621202be399edbe68362c4f07415dbf482077fa0d6e6607
SHA512

6cec04eea874ceb54e75a6a5718013b28c60f005b9aa343527baf48e26dd8524c653325f6175a85d046e30a92a9be568fe0dcf4e09b0e5debd6981e809a485c5
SSDEEP

12288:AalNGlbSPXDZsPkFjXF422rCly2QT3OeOV:BalWPVkkNXF422rCo9jA

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
87e3783f36e77a40a38bd9367b48957a_JaffaCakes118

Files

87e3783f36e77a40a38bd9367b48957a_JaffaCakes118
.exe windows:5 windows x86 arch:x86

8dbfd316d4031111f15eac853d01fe0a

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NO_BIND
IMAGE_DLLCHARACTERISTICS_APPCONTAINER

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

dbg.pdb

Imports

authz

AuthzAccessCheck
AuthzInitializeContextFromSid
AuthzFreeContext
AuthzFreeResourceManager

kernel32

CreateMutexA
FindResourceA
GetModuleHandleA
GetLastError
SetStdHandle
GetProcAddress
GetVersionExA
GetStdHandle
GetComputerNameW
CreateSemaphoreA
GetShortPathNameA
CopyFileA
GetSystemInfo
lstrcmpiA
CompareStringA
DeviceIoControl
GetEnvironmentVariableW
FormatMessageA
lstrcmpiA
InterlockedExchange
GetAtomNameA
VirtualQuery
lstrcmpiA
TlsGetValue
GetBinaryTypeW
GetLocalTime
QueryDosDeviceA
GetConsoleTitleW
HeapValidate
GetLogicalDrives
GetDiskFreeSpaceA
GetFileType
GetCurrentDirectoryW
GetCurrentProcess
GetDriveTypeW
CreateNamedPipeW
SetFileAttributesA
GetFullPathNameA
GetProcessHeap
GetLocaleInfoA
FileTimeToLocalFileTime

azroles

AzFreeMemory
AzGetProperty
AzCloseHandle
AzGroupDelete

msimg32

vSetDdrawflag
DllInitialize
GradientFill

shlwapi

PathCombineA
PathCommonPrefixA
PathCompactPathA
UrlCanonicalizeA
UrlHashA
UrlCombineA
UrlIsOpaqueA
UrlIsNoHistoryA
UrlCreateFromPathA
UrlCompareA
UrlGetPartA

user32

DrawIcon
PeekMessageA
IsWindow
SetCursorPos
CharToOemA
LoadImageA
PostMessageA
IsDialogMessageA
IsCharLowerW
wsprintfA
IsZoomed
DispatchMessageA
GetWindowTextA

Sections

.text
Size: 30KB - Virtual size: 29KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 5KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 563KB - Virtual size: 668KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

8dbfd316d4031111f15eac853d01fe0a

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

authz

kernel32

azroles

msimg32

shlwapi

user32

Sections

.text Size: 30KB - Virtual size: 29KB

.data Size: 5KB - Virtual size: 16KB

.rsrc Size: 563KB - Virtual size: 668KB

.reloc Size: 3KB - Virtual size: 3KB

.text
Size: 30KB - Virtual size: 29KB

.data
Size: 5KB - Virtual size: 16KB

.rsrc
Size: 563KB - Virtual size: 668KB

.reloc
Size: 3KB - Virtual size: 3KB