01a49ea1059a96537b6eb9530564d3eb_JaffaCakes118

General

Target

01a49ea1059a96537b6eb9530564d3eb_JaffaCakes118
Size

21KB
MD5

01a49ea1059a96537b6eb9530564d3eb
SHA1

9565a05f48b5820f866f982273644e229237bbe0
SHA256

ac5ca140b587493c8fe86dcf3574a405d544cacc4fd7d2e3334686b5d98def79
SHA512

2b03f8a25b03c1f26fc9d72a041f449e1526289e965e0d3b8e638093ba113a10d2cacfc17e2d46156a96ace81cb0af73833a0f30586ecd29ff4ab50e5d4021e8
SSDEEP

192:REXKPA6wKUUb5rsz9VmhSqrzWgnBa9t4M/0z3SRTR+ppRvGsSS75kfOFfnvwtA:REX0lnqJgVni92MMLSBYppR+Y75kfOxr

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
01a49ea1059a96537b6eb9530564d3eb_JaffaCakes118

Files

01a49ea1059a96537b6eb9530564d3eb_JaffaCakes118
.exe windows:1 windows x86 arch:x86

9b8afb44d8909fc7961aa818b4800ed5

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED

Imports

ntdll

strchr
_strupr
tolower

advapi32

OpenProcessToken
LookupPrivilegeValueA
RegCloseKey
RegQueryValueExA
RegOpenKeyExA
AdjustTokenPrivileges

kernel32

HeapReAlloc
GetModuleFileNameA
UnhandledExceptionFilter
GetStringTypeW
GetCurrentProcessId
GetCommandLineA
ExitProcess
WideCharToMultiByte
GetLastError
GetCurrentProcess
GetCurrentThreadId
CloseHandle
TerminateProcess
OpenProcess
GetVersion
GetEnvironmentStrings
FlushFileBuffers
MultiByteToWideChar
HeapAlloc
HeapFree
LCMapStringW
RtlUnwind
SetStdHandle
GetStdHandle
GetFileType
GetStartupInfoA
GetProcessHeap
WriteFile
SetFilePointer

user32

GetWindowThreadProcessId
GetThreadDesktop
OpenDesktopA
CloseWindowStation
SetProcessWindowStation
CloseDesktop
SetThreadDesktop
PostMessageA
EnumWindows
GetProcessWindowStation
OpenWindowStationA
EnumWindowStationsA
EnumDesktopsA
GetWindowTextA

Sections

.text
Size: 11KB - Virtual size: 11KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.bss
Size: - Virtual size: 27KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 512B - Virtual size: 193B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

9b8afb44d8909fc7961aa818b4800ed5

Headers

File Characteristics

Imports

ntdll

advapi32

kernel32

user32

Sections

.text Size: 11KB - Virtual size: 11KB

.bss Size: - Virtual size: 27KB

.rdata Size: 512B - Virtual size: 193B

.data Size: 4KB - Virtual size: 3KB

.idata Size: 1KB - Virtual size: 1KB

.reloc Size: 1KB - Virtual size: 1KB

.text
Size: 11KB - Virtual size: 11KB

.bss
Size: - Virtual size: 27KB

.rdata
Size: 512B - Virtual size: 193B

.data
Size: 4KB - Virtual size: 3KB

.idata
Size: 1KB - Virtual size: 1KB

.reloc
Size: 1KB - Virtual size: 1KB