0f420dea2f31bda390fde01504aae407_JaffaCakes118

General

Target

0f420dea2f31bda390fde01504aae407_JaffaCakes118
Size

224KB
MD5

0f420dea2f31bda390fde01504aae407
SHA1

d8b7392dd52efcabd98c37cb86844d0626fed7ce
SHA256

979bb6a35e4809c6ea9ba0528c75c8cfa4df314fce6acecea7cdab3e65b27543
SHA512

c70d680a26738ce7c140efdaec66c27745b956530b20dfda8bf99c6ef9427c8c97ccbf3b3c5b1a68c01f7e3e6616f9db9dfaf33573a54c0f4f063dfe42a112d5
SSDEEP

3072:WkwVCIKFAM8RVMle8TIyou96Q19/qgDb4+fax70DtQO6Cdkn:U05z8RVD8pvv/xc+f47OQO6Ca

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
0f420dea2f31bda390fde01504aae407_JaffaCakes118

Files

0f420dea2f31bda390fde01504aae407_JaffaCakes118
.exe windows:4 windows x86 arch:x86

90082cd312e1c1cfcc6af508f5525287

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

PDB Paths

d:\Dev\2008\mha\mha\Release\mha.pdb

Imports

kernel32

GetModuleFileNameA
LoadResource
LockResource
SizeofResource
FindResourceA
lstrlenA
CreateFileA
DeleteFileA
GetSystemDirectoryA
WriteFile
GetStringTypeW
DeleteCriticalSection
InitializeCriticalSection
RaiseException
GetVersionExA
GetACP
GetLocaleInfoA
CloseHandle
InterlockedExchange
GetStringTypeA
SetStdHandle
HeapFree
GetSystemTimeAsFileTime
GetModuleHandleA
GetStartupInfoA
GetCommandLineA
HeapAlloc
RtlUnwind
ExitProcess
HeapReAlloc
HeapDestroy
HeapCreate
VirtualFree
VirtualAlloc
IsBadWritePtr
GetProcAddress
TerminateProcess
GetCurrentProcess
HeapSize
VirtualProtect
GetSystemInfo
VirtualQuery
LCMapStringA
WideCharToMultiByte
MultiByteToWideChar
GetLastError
LCMapStringW
GetStdHandle
UnhandledExceptionFilter
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
SetHandleCount
GetFileType
SetUnhandledExceptionFilter
QueryPerformanceCounter
GetTickCount
GetCurrentThreadId
GetCurrentProcessId
SetFilePointer
GetCPInfo
LoadLibraryA
GetOEMCP
IsBadReadPtr
IsBadCodePtr
FlushFileBuffers

advapi32

RegEnumKeyExA
RegDeleteValueA
RegDeleteKeyA
RegSetValueExA
RegQueryValueExA
RegOpenKeyExA
RegCloseKey
RegCreateKeyExA

shlwapi

PathFileExistsA

Sections

.text
Size: 36KB - Virtual size: 35KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 12KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 168KB - Virtual size: 167KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

90082cd312e1c1cfcc6af508f5525287

Headers

File Characteristics

PDB Paths

Imports

kernel32

advapi32

shlwapi

Sections

.text Size: 36KB - Virtual size: 35KB

.rdata Size: 12KB - Virtual size: 8KB

.data Size: 4KB - Virtual size: 7KB

.rsrc Size: 168KB - Virtual size: 167KB

.text
Size: 36KB - Virtual size: 35KB

.rdata
Size: 12KB - Virtual size: 8KB

.data
Size: 4KB - Virtual size: 7KB

.rsrc
Size: 168KB - Virtual size: 167KB