b90130e8fd69765e43e2c8cbebb853d0_JaffaCakes118

General

Target

b90130e8fd69765e43e2c8cbebb853d0_JaffaCakes118
Size

550KB
MD5

b90130e8fd69765e43e2c8cbebb853d0
SHA1

9bae58558ba71dccd2ad6ff8ac0621bdbe2af862
SHA256

7148ce6420b6f8c7c6f04ab4c8097304cc88e658a686676018b0a104ebc0e2b4
SHA512

6fac1441fb9d327797c305b37971365c93c457b43563724c990f270ed05c1b04b3716293af1549ce3957030c16ae1f90c9f30d0201cbac4ec4677f2d15451499
SSDEEP

12288:w6eqOdDePE45wOcK3NXW81l4VNrMMTiBUf4r:w5qE4N1X1lxMWY4r

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

Processes:

resource
b90130e8fd69765e43e2c8cbebb853d0_JaffaCakes118

Files

b90130e8fd69765e43e2c8cbebb853d0_JaffaCakes118
.exe windows:5 windows x86 arch:x86

2f5c5efca84361249b1c432398a0a33b

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetLocaleInfoW
FormatMessageW
GetExitCodeProcess
GetFileAttributesW
ReadFile
lstrlenW
IsBadStringPtrA
GetNamedPipeHandleStateW
LCMapStringA
GetLastError
GetProcAddress
RemoveDirectoryA
OpenWaitableTimerA
GetPrivateProfileSectionA
GetCurrentProcessId
GlobalAlloc
GetCurrencyFormatW
SetCommTimeouts
GetModuleHandleW
SleepEx
CreateHardLinkA
HeapAlloc
FindResourceW
GetDriveTypeW
FindFirstFileExA
CreateFileA
Sleep
ExitProcess
GetStartupInfoW
RaiseException
RtlUnwind
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
HeapFree
EnterCriticalSection
LeaveCriticalSection
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
InterlockedIncrement
SetLastError
GetCurrentThreadId
InterlockedDecrement
WriteFile
GetStdHandle
GetModuleFileNameA
DeleteCriticalSection
LoadLibraryA
InitializeCriticalSectionAndSpinCount
GetModuleFileNameW
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineW
SetHandleCount
GetFileType
GetStartupInfoA
HeapCreate
VirtualFree
QueryPerformanceCounter
GetTickCount
GetSystemTimeAsFileTime
VirtualAlloc
HeapReAlloc
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
MultiByteToWideChar
HeapSize
GetLocaleInfoA
WideCharToMultiByte
GetConsoleCP
GetConsoleMode
FlushFileBuffers
LCMapStringW
GetStringTypeA
GetStringTypeW
CloseHandle
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
SetFilePointer
SetStdHandle
GetModuleHandleA

advapi32

DeregisterEventSource
LookupAccountNameA
CloseEventLog

Sections

.text
Size: 393KB - Virtual size: 392KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 75KB - Virtual size: 4.5MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 81KB - Virtual size: 80KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

2f5c5efca84361249b1c432398a0a33b

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

advapi32

Sections

.text Size: 393KB - Virtual size: 392KB

.data Size: 75KB - Virtual size: 4.5MB

.rsrc Size: 81KB - Virtual size: 80KB

.text
Size: 393KB - Virtual size: 392KB

.data
Size: 75KB - Virtual size: 4.5MB

.rsrc
Size: 81KB - Virtual size: 80KB