186018245413fe2e77c4747b07e8dae2_JaffaCakes118

General

Target

186018245413fe2e77c4747b07e8dae2_JaffaCakes118
Size

468KB
MD5

186018245413fe2e77c4747b07e8dae2
SHA1

f8aaf00d59d47da7d8aea28d3ce26a47cadb5d8b
SHA256

bc25375612eda4ca1cdae0e0a48594a2d8f0c9ec307971da3dd26d520a658664
SHA512

c6bfd43f6478ffa424ca79c405f3ba503b7f9599531578ed1309b46d0782c5059266016770105bbbee26b2257e5c1c5b1a7f45ff15bccd431b609c4a269c1aa3
SSDEEP

12288:Y9Bnaprb8UPG8vQkGlALvJOl/7bnjImwYAOxjpG:Y9JahVPXQtm8l/XjIFY4

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
186018245413fe2e77c4747b07e8dae2_JaffaCakes118

Files

186018245413fe2e77c4747b07e8dae2_JaffaCakes118
.exe windows:4 windows x86 arch:x86

549e0e55e5123a44d0ae2732d1e70002

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

OpenProcess
WaitForSingleObject
TerminateProcess
GetTimeFormatA
CloseHandle
Sleep
GetCommandLineA
GetDateFormatA
GetVersionExA
GetModuleFileNameA
FreeEnvironmentStringsA
UnhandledExceptionFilter
ReadFile
SetEndOfFile
LoadLibraryA
GetProcAddress
GetOEMCP
HeapAlloc
HeapFree
RtlUnwind
GetLastError
DeleteFileA
GetModuleHandleA
GetStartupInfoA
GetVersion
ExitProcess
GetFileAttributesA
GetEnvironmentVariableA
HeapDestroy
HeapCreate
VirtualFree
VirtualAlloc
HeapReAlloc
IsBadWritePtr
WriteFile
GetCurrentProcess
GetCPInfo
GetACP
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStrings
GetEnvironmentStringsW
SetHandleCount
GetStdHandle
GetFileType
MultiByteToWideChar
GetStringTypeA
GetStringTypeW
CreateFileA
SetStdHandle
FlushFileBuffers
SetUnhandledExceptionFilter
IsBadReadPtr
IsBadCodePtr
SetFilePointer
LCMapStringA
LCMapStringW

user32

SendMessageTimeoutA
GetWindow
GetWindowThreadProcessId
GetWindowTextA
GetClassNameA
IsWindow
EnumWindows

advapi32

RegOpenKeyExA
RegSetValueExA
RegDeleteValueA
RegEnumValueA
RegCloseKey
RegQueryValueExA
RegEnumKeyExA
RegCreateKeyExA
RegQueryValueA
RegDeleteKeyA

Sections

.text
Size: 40KB - Virtual size: 39KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 288KB - Virtual size: 286KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 16KB - Virtual size: 23KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 1000B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.text
Size: 116KB - Virtual size: 116KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

549e0e55e5123a44d0ae2732d1e70002

Headers

File Characteristics

Imports

kernel32

user32

advapi32

Sections

.text Size: 40KB - Virtual size: 39KB

.rdata Size: 288KB - Virtual size: 286KB

.data Size: 16KB - Virtual size: 23KB

.rsrc Size: 4KB - Virtual size: 1000B

.text Size: 116KB - Virtual size: 116KB

.text
Size: 40KB - Virtual size: 39KB

.rdata
Size: 288KB - Virtual size: 286KB

.data
Size: 16KB - Virtual size: 23KB

.rsrc
Size: 4KB - Virtual size: 1000B

.text
Size: 116KB - Virtual size: 116KB