1942f9986b9a1862477041844f935252_JaffaCakes118

General

Target

1942f9986b9a1862477041844f935252_JaffaCakes118
Size

179KB
MD5

1942f9986b9a1862477041844f935252
SHA1

089be930a92a2757498eb3ffc9281829202d5861
SHA256

23a84d2b2d47fb3e87d75fee1783b0dcaff015369272065d9ba27e82097fee60
SHA512

5dcd701cd6810dcd57bbe6d993392a9e4a748d5436fc51b6241500ea0d9663dec98641dd6b41ed5829a4d033dd6b20bf14795b3a4dd3a3fd091015d195d0c881
SSDEEP

3072:tt0leMbxC/QnVnyiuwcqoVDWmMYwW5RY2zYA8YeKfzHjvOX:EqcVnywY8YTXIA8DKfPOX

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
1942f9986b9a1862477041844f935252_JaffaCakes118

Files

1942f9986b9a1862477041844f935252_JaffaCakes118
.exe windows:4 windows x86 arch:x86

9fe8b475a367725ed889b444c401f6ab

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

OutputDebugStringA
GetHandleInformation
TlsFree
GetConsoleWindow
DebugBreak
GetSystemInfo
GlobalSize
LoadLibraryW
CloseHandle
GetNumberFormatW
ReplaceFileW
GetConsoleAliasW
Process32First
GetDefaultCommConfigW
GetCommandLineA
ExitProcess
GetStartupInfoA

user32

CascadeChildWindows
SystemParametersInfoA
CloseWindowStation
RegisterWindowMessageW
SetInternalWindowPos
IsChild
EnumThreadWindows
IsZoomed
SendMessageA
DeregisterShellHookWindow
GetScrollRange
SetConsoleReserveKeys
GetTabbedTextExtentW
FillRect
GetMenuState
InsertMenuW
ShowStartGlass
SetTaskmanWindow

shell32

SHUpdateRecycleBinIcon
StrChrA
ExtractIconW
SHGetInstanceExplorer
ExtractIconA
SHGetFileInfoW
RealShellExecuteExW
CommandLineToArgvW

gdi32

GdiGetLocalBrush
RectInRegion
SelectObject
CreateScalableFontResourceA
ExtFloodFill
GdiConvertDC
GdiPrinterThunk
GetMiterLimit
PolyDraw
GdiCreateLocalMetaFilePict
EngDeleteSemaphore
PolyTextOutA

Sections

.text
Size: 5KB - Virtual size: 794KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 168KB - Virtual size: 171KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 2KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.edata
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

9fe8b475a367725ed889b444c401f6ab

Headers

File Characteristics

Imports

kernel32

user32

shell32

gdi32

Sections

.text Size: 5KB - Virtual size: 794KB

.data Size: 168KB - Virtual size: 171KB

.rsrc Size: 2KB - Virtual size: 4KB

.edata Size: 2KB - Virtual size: 1KB

.reloc Size: - Virtual size: 4KB

.text
Size: 5KB - Virtual size: 794KB

.data
Size: 168KB - Virtual size: 171KB

.rsrc
Size: 2KB - Virtual size: 4KB

.edata
Size: 2KB - Virtual size: 1KB

.reloc
Size: - Virtual size: 4KB