168ef57318677c7a42825d871d8816df_JaffaCakes118

General

Target

168ef57318677c7a42825d871d8816df_JaffaCakes118
Size

68KB
MD5

168ef57318677c7a42825d871d8816df
SHA1

844c455d9948cceb77338bee0346c95026b575ba
SHA256

90da0617ab274db6af7d53f5d8ed3825e76b8982546833412c91255ca03fc251
SHA512

3f058cefa67010817be64fda1d2f642ce47d3b0b2448c5825d300e80f7642383b36fe6d864b8a331cbe14a42a03fb96812aa1ad6ffcac748fb0f558e83b4f27a
SSDEEP

768:58bijr3OD2iGUwm/MTlnw46PwwDnT4M146OvcrESG+yvF3be8dxl7tu2:58bijLiGbTaewDnMJFvcrESRMbxJt

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
168ef57318677c7a42825d871d8816df_JaffaCakes118

Files

168ef57318677c7a42825d871d8816df_JaffaCakes118
.exe windows:4 windows x86 arch:x86

0671481fb36bbcb0617ce98af0c5a783

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

advapi32

OpenProcessToken
AdjustTokenPrivileges
LookupPrivilegeValueA
GetTokenInformation

kernel32

GetCurrentProcess
Process32Next
CloseHandle
Process32First
CreateToolhelp32Snapshot
GetCurrentDirectoryA
OpenProcess
GetFileAttributesA
ReadProcessMemory
WaitForSingleObject
CreateRemoteThread
VirtualFreeEx
WriteProcessMemory
VirtualAllocEx
GetProcAddress
LoadLibraryA
GetModuleHandleA
ExitProcess
GetLastError
HeapFree
HeapAlloc
EnterCriticalSection
LeaveCriticalSection
GetCommandLineA
GetVersionExA
GetProcessHeap
GetCPInfo
InterlockedIncrement
InterlockedDecrement
GetACP
GetOEMCP
IsValidCodePage
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
SetLastError
GetCurrentThreadId
TerminateProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
WriteFile
GetStdHandle
GetModuleFileNameA
DeleteCriticalSection
InitializeCriticalSection
HeapDestroy
HeapCreate
VirtualFree
VirtualAlloc
HeapReAlloc
SetHandleCount
GetFileType
GetStartupInfoA
Sleep
WideCharToMultiByte
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime
LCMapStringA
MultiByteToWideChar
LCMapStringW
GetStringTypeA
GetStringTypeW
GetLocaleInfoA
HeapSize
RtlUnwind
SetFilePointer
GetConsoleCP
GetConsoleMode
FlushFileBuffers
CompareStringA
CompareStringW
SetEnvironmentVariableA
SetStdHandle
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
CreateFileA

Sections

.text
Size: 44KB - Virtual size: 43KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 12KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

0671481fb36bbcb0617ce98af0c5a783

Headers

File Characteristics

Imports

advapi32

kernel32

Sections

.text Size: 44KB - Virtual size: 43KB

.rdata Size: 12KB - Virtual size: 8KB

.data Size: 8KB - Virtual size: 12KB

.text
Size: 44KB - Virtual size: 43KB

.rdata
Size: 12KB - Virtual size: 8KB

.data
Size: 8KB - Virtual size: 12KB