1c084a8a0c00166b7aaf3d6175e2eef2_JaffaCakes118

General

Target

1c084a8a0c00166b7aaf3d6175e2eef2_JaffaCakes118
Size

272KB
MD5

1c084a8a0c00166b7aaf3d6175e2eef2
SHA1

fb911a48da3375867258e956e391fdd15145e586
SHA256

4adc788db363dc9fcab598f8bdc70acaa59ec168ad2df31bae72e95b7906f6ab
SHA512

abe7988d1dc110f7a5bdf9ede4e4154c3cb85ba4039356cbbdea4fc61f0234c6d4f58bddf10254e910f8779354d4ea956b9be2993162397fb1f8405879545936
SSDEEP

6144:rfZtxIVZOD6s4FyqwgVKdsYGWHdfdrrJs0w1klRgaaN4QmO0q:rf78sD6EIKvRf5RYa

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
1c084a8a0c00166b7aaf3d6175e2eef2_JaffaCakes118

Files

1c084a8a0c00166b7aaf3d6175e2eef2_JaffaCakes118
.exe windows:5 windows x86 arch:x86

0c3160faaed779c4df3fa863ae98bb2b

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

SetCurrentDirectoryW
GetLocaleInfoA
CreateProcessW
lstrcmpA
GetCommandLineW
GetStdHandle
FreeEnvironmentStringsW
SetPriorityClass
IsValidCodePage
VirtualAlloc
lstrcatA
TerminateProcess
GetVersion
SizeofResource
GlobalAlloc
FileTimeToSystemTime
GetStartupInfoW
Beep
GetProfileIntA
GetSystemTime
GetEnvironmentStringsW
LoadResource
EnterCriticalSection
CompareFileTime
IsDBCSLeadByteEx
IsDBCSLeadByte
QueryPerformanceCounter
LockResource
IsBadReadPtr
SetThreadPriority
VirtualFree
HeapSize
CreateProcessA
HeapAlloc
GetCommandLineA
SearchPathA
RtlUnwind
Sleep
LocalAlloc
GlobalAddAtomW
SystemTimeToFileTime
GetVersionExA
CreateEventA
InitializeCriticalSection
WideCharToMultiByte
GlobalMemoryStatus
CreateThread
LocalFree
OpenFile
GetStringTypeA
InterlockedDecrement
SearchPathW
LCMapStringW
QueryPerformanceFrequency
LoadLibraryW
HeapCreate
GlobalFree
GetCurrentProcess
GetSystemTime
TlsGetValue
SetProcessWorkingSetSize
SetHandleCount
GetCPInfo
SetLastError
SetFilePointer

ntdll

ZwOpenMutant
RtlCreateTimer
NtQuerySection
NtQueryInformationProcess
RtlFreeUnicodeString
RtlFillMemory
NtWriteFile
ZwSetEvent
NtReadFile
NtSetDefaultLocale
NtProtectVirtualMemory

Sections

.text
Size: 201KB - Virtual size: 201KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 64KB - Virtual size: 64KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 5KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

0c3160faaed779c4df3fa863ae98bb2b

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

ntdll

Sections

.text Size: 201KB - Virtual size: 201KB

.data Size: 64KB - Virtual size: 64KB

.rsrc Size: 5KB - Virtual size: 8KB

.text
Size: 201KB - Virtual size: 201KB

.data
Size: 64KB - Virtual size: 64KB

.rsrc
Size: 5KB - Virtual size: 8KB