152d9bfc3d331cba7e691f3f1e83f4d2_JaffaCakes118

General

Target

152d9bfc3d331cba7e691f3f1e83f4d2_JaffaCakes118
Size

91KB
MD5

152d9bfc3d331cba7e691f3f1e83f4d2
SHA1

de453b2a00a0b2b7495bd9fa377053dc531f21b8
SHA256

1e74c5076b08ebbb8f8e78e556c64124fdf1e5c0be56eaa1f9c86ac40afd95b6
SHA512

e3f6609591053b06c67e9d4a94b2a0bf5be47970850c0bf725ebeb0d5cb8e823a2ae098754f3a6abdfc5bfbec992dc282f33a528366d1b8e1f578eeea7727d74
SSDEEP

384:iQ+ibNgSRowmvq8zZJv5lfo0wdyTgMTJgB66eD:ZiUzmvqUvrfo0wdvky/e

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
152d9bfc3d331cba7e691f3f1e83f4d2_JaffaCakes118

Files

152d9bfc3d331cba7e691f3f1e83f4d2_JaffaCakes118
.exe windows:4 windows x86 arch:x86

9bbbadb2288d2d94f38c71fd1d388493

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

C:\cygwin\ldisk\daily_build\otp_build_win32_r13b04.2010-02-22_20\otp_src_R13B04\bin\win32\erl.pdb

Imports

msvcr80

_crt_debugger_hook
?terminate@@YAXXZ
_unlock
__dllonexit
__set_app_type
_onexit
_decode_pointer
_except_handler4_common
_invoke_watson
_controlfp_s
_encode_pointer
__p__fmode
__p__commode
_adjust_fdiv
__setusermatherr
_configthreadlocale
_initterm_e
_initterm
__initenv
_XcptFilter
_exit
_cexit
__getmainargs
_amsg_exit
memmove
strchr
realloc
sprintf
strncmp
free
_strdup
vsprintf
__iob_func
fprintf
exit
_lock
malloc

kernel32

GetCurrentProcessId
GetCurrentThreadId
GetTickCount
QueryPerformanceCounter
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
InterlockedCompareExchange
Sleep
InterlockedExchange
WriteFile
CreateFileA
CloseHandle
ReadFile
GetEnvironmentVariableA
LoadLibraryA
GetProcAddress
GetModuleHandleA
GetModuleFileNameA
SetEnvironmentVariableA
FindFirstFileA
FindNextFileA
FindClose
GetSystemTimeAsFileTime

Sections

.text
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 512B - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 80KB - Virtual size: 152KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

9bbbadb2288d2d94f38c71fd1d388493

Headers

File Characteristics

PDB Paths

Imports

msvcr80

kernel32

Sections

.text Size: 8KB - Virtual size: 7KB

.rdata Size: 2KB - Virtual size: 1KB

.data Size: 512B - Virtual size: 1KB

.rsrc Size: 80KB - Virtual size: 152KB

.text
Size: 8KB - Virtual size: 7KB

.rdata
Size: 2KB - Virtual size: 1KB

.data
Size: 512B - Virtual size: 1KB

.rsrc
Size: 80KB - Virtual size: 152KB