17b5feb532362066928240d0cb10381f_JaffaCakes118

General

Target

17b5feb532362066928240d0cb10381f_JaffaCakes118
Size

32KB
MD5

17b5feb532362066928240d0cb10381f
SHA1

40364f3762404030b6848c7ee05946da91b285c4
SHA256

f3b05e990a453de49fba4a2489cf63eef8e0612c078878816effbe8c2da44576
SHA512

b6404fd8472bed992a8836f7911006c7d8b8fc9e8d8963780edc588b0f14eccd7b988228553f77b3fccec8f9087a367d8a4193750806bed4ebfe1911af9bb14f
SSDEEP

384:z43mWd5+ZnzeMxlv/+p44/UexAcxN+8VoaKJZee:zPEQnKClv/+pLAY3+fZee

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
17b5feb532362066928240d0cb10381f_JaffaCakes118

Files

17b5feb532362066928240d0cb10381f_JaffaCakes118
.exe windows:4 windows x86 arch:x86

ec57a00ec5c9e32aa99b7d960b642961

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED

Imports

advapi32

RegCloseKey
RegOpenKeyExA
RegSetValueExA

kernel32

AddAtomA
CloseHandle
CreateFileA
CreateToolhelp32Snapshot
DeleteFileA
ExitProcess
FindAtomA
FindClose
FindFirstFileA
FindNextFileA
GetAtomNameA
GetDriveTypeA
GetExitCodeProcess
GetLogicalDriveStringsA
GetModuleFileNameA
GetProcAddress
GetShortPathNameA
GetSystemDirectoryA
GetVersionExA
GlobalAlloc
GlobalFree
LoadLibraryA
OpenProcess
Process32First
Process32Next
SetUnhandledExceptionFilter
TerminateProcess
WriteFile
lstrcatA
lstrcpyA
lstrlenA

msvcrt

__getmainargs
__p__environ
__p__fmode
__set_app_type
_cexit
_iob
_onexit
_setmode
abort
atexit
exit
fflush
fprintf
free
getenv
malloc
memset
signal
strcmp
toupper

shell32

ShellExecuteA

user32

ExitWindowsEx
SwapMouseButton

Sections

.text
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 128B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.bss
Size: - Virtual size: 176B

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

ec57a00ec5c9e32aa99b7d960b642961

Headers

File Characteristics

Imports

advapi32

kernel32

msvcrt

shell32

user32

Sections

.text Size: 8KB - Virtual size: 7KB

.data Size: 512B - Virtual size: 128B

.rdata Size: 2KB - Virtual size: 1KB

.bss Size: - Virtual size: 176B

.idata Size: 2KB - Virtual size: 1KB

.text
Size: 8KB - Virtual size: 7KB

.data
Size: 512B - Virtual size: 128B

.rdata
Size: 2KB - Virtual size: 1KB

.bss
Size: - Virtual size: 176B

.idata
Size: 2KB - Virtual size: 1KB