180cb1639db692cc5328e6a1cac29931_JaffaCakes118

General

Target

180cb1639db692cc5328e6a1cac29931_JaffaCakes118
Size

40KB
MD5

180cb1639db692cc5328e6a1cac29931
SHA1

c74dbd03be64bf3ce32c3828c64923734fcfd441
SHA256

18a2a60df3d8cb7dfae9c3226d9a57bc19a5c89c4c10e4c499840cdbc91c0da1
SHA512

b2bb403b938213c0facf86c5bf3f77f8815afe85c5d58ee0edd2d5385903a024eea6a5c7e5eee791e5b6193a9eb3018745b0adc6db1fbf89120c386c0184c8f9
SSDEEP

384:2Iwnpuwlcg6zC5dgOgB5syaDXYdyzhcJ0ZA8CEglat:2IwnllVXLgBAg080ZAMgl6

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
180cb1639db692cc5328e6a1cac29931_JaffaCakes118

Files

180cb1639db692cc5328e6a1cac29931_JaffaCakes118
.exe windows:4 windows x86 arch:x86

3fa749f4b38e5abbc34cf6787a9d2077

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

MoveFileA
CreateProcessA
GetExitCodeProcess
GetModuleFileNameA
WaitForSingleObject
Sleep
SetFileAttributesA
DeleteFileA
GetWindowsDirectoryA
CopyFileA
WideCharToMultiByte
GetModuleHandleA
GetStartupInfoA
GetCommandLineA
GetVersion
ExitProcess
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
FreeEnvironmentStringsA
FreeEnvironmentStringsW
MoveFileExA
GetEnvironmentStrings
GetEnvironmentStringsW
SetHandleCount
GetStdHandle
GetFileType
GetEnvironmentVariableA
GetVersionExA
HeapDestroy
HeapCreate
VirtualFree
HeapFree
RtlUnwind
WriteFile
GetCPInfo
GetACP
GetOEMCP
HeapAlloc
VirtualAlloc
HeapReAlloc
GetProcAddress
LoadLibraryA
MultiByteToWideChar
LCMapStringA
LCMapStringW
GetStringTypeA
GetStringTypeW

advapi32

RegOpenKeyExA
RegSetValueExA
RegQueryValueExA
RegCloseKey
RegDeleteValueA

Sections

.text
Size: 16KB - Virtual size: 15KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 904B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

3fa749f4b38e5abbc34cf6787a9d2077

Headers

File Characteristics

Imports

kernel32

advapi32

Sections

.text Size: 16KB - Virtual size: 15KB

.rdata Size: 4KB - Virtual size: 2KB

.data Size: 12KB - Virtual size: 10KB

.rsrc Size: 4KB - Virtual size: 904B

.text
Size: 16KB - Virtual size: 15KB

.rdata
Size: 4KB - Virtual size: 2KB

.data
Size: 12KB - Virtual size: 10KB

.rsrc
Size: 4KB - Virtual size: 904B