0f8c2897bc0a1474f6895094466affbd_JaffaCakes118

General

Target

0f8c2897bc0a1474f6895094466affbd_JaffaCakes118
Size

208KB
MD5

0f8c2897bc0a1474f6895094466affbd
SHA1

2d121bd52107b87f50ef30495f15f6b9984a52cb
SHA256

5cbe31028994c53ca77cb7c6e313acc44a00986d5bdd8303a4ed43856b738a96
SHA512

a0178794ebc8aac219a53da5111b7904b3533e551a4dfc95113f239df2137b2a6ef3f1c0f50e6bd4c0c637b45f1c6a2010b6f49d8a746ec16a354a13315cdc16
SSDEEP

3072:V5IGBlH8OzCepWbqbm/DAvcJUIMNsaauQKc:ViSEbqbm/DAvyUhAu+

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
0f8c2897bc0a1474f6895094466affbd_JaffaCakes118

Files

0f8c2897bc0a1474f6895094466affbd_JaffaCakes118
.exe windows:4 windows x86 arch:x86

104a9d5201c45286c58fa88e66a7cb16

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

LoadLibraryA
VirtualProtect
GetProcAddress
GetModuleHandleA
WaitForSingleObject
ResetEvent
PulseEvent
GetCurrentThreadId
FlushFileBuffers
GetCurrentProcess
VirtualAlloc
GetLocaleInfoA
GetStringTypeW
GetStringTypeA
LCMapStringW
MultiByteToWideChar
LCMapStringA
GetSystemTimeAsFileTime
GetCurrentProcessId
GetTickCount
VirtualFree
GetCurrentThread
GetCommandLineA
QueryPerformanceCounter
HeapSize
VirtualQuery
InterlockedExchange
GetStartupInfoA
GetVersionExA
ExitProcess
TerminateProcess
WriteFile
GetStdHandle
GetModuleFileNameA
UnhandledExceptionFilter
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
WideCharToMultiByte
GetLastError
GetEnvironmentStringsW
SetHandleCount
GetFileType
HeapDestroy
HeapCreate
HeapFree
GetACP
GetOEMCP
GetCPInfo
HeapAlloc
HeapReAlloc
RtlUnwind
GetSystemInfo

user32

GetFocus
IsWindowEnabled
GetSysColorBrush
LoadIconA
GetParent
LoadBitmapA
EnableWindow
CreateWindowExA

gdi32

CreateSolidBrush
GetPixel

winscard

SCardEstablishContext

psapi

EnumProcessModules

Sections

.text
Size: 20KB - Virtual size: 16KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 60KB - Virtual size: 58KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 120KB - Virtual size: 184KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

104a9d5201c45286c58fa88e66a7cb16

Headers

File Characteristics

Imports

kernel32

user32

gdi32

winscard

psapi

Sections

.text Size: 20KB - Virtual size: 16KB

.rdata Size: 60KB - Virtual size: 58KB

.data Size: 4KB - Virtual size: 3KB

.rsrc Size: 120KB - Virtual size: 184KB

.text
Size: 20KB - Virtual size: 16KB

.rdata
Size: 60KB - Virtual size: 58KB

.data
Size: 4KB - Virtual size: 3KB

.rsrc
Size: 120KB - Virtual size: 184KB