23bf734a16819acd1406845fce2028e4_JaffaCakes118

General

Target

23bf734a16819acd1406845fce2028e4_JaffaCakes118
Size

384KB
MD5

23bf734a16819acd1406845fce2028e4
SHA1

1c0b4fe1f3b863c84412ea43e7f84e8c79c86098
SHA256

d4837da822ab08668f8ab16ebbdea661550a2929e9146506c369f8c5722b3f64
SHA512

79f61564d09cf48d1f2668c1f11f257f44f93784a0c5ad2c9e6b5646356ef551581e283c5ef5f0b755d6520401767a4b53f4e29860fae625c2eb2f279f2223b5
SSDEEP

12288:xX4OhYvfAPUO+skR11/iD3047WfSPGr7O:COhcfTO+P11KoHKgO

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
23bf734a16819acd1406845fce2028e4_JaffaCakes118

Files

23bf734a16819acd1406845fce2028e4_JaffaCakes118
.exe windows:5 windows x86 arch:x86

bd9a4f9939f74506147152999c99c8f6

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

msvcrt

_lseek
_beginthread
__fpecode
_atodbl
__unDName
_safe_fdivr
vprintf
_getws
_wgetenv
_wspawnv

ole32

WdtpInterfacePointer_UserSize
OleUninitialize
OleRegEnumFormatEtc
WriteOleStg
CoGetObject
PropSysFreeString

advapi32

AccessCheckByTypeAndAuditAlarmW
ElfFlushEventLog
RegLoadKeyW
ConvertStringSDToSDRootDomainA
LsaQuerySecurityObject
ElfChangeNotify
ConvertSidToStringSidA
SetSecurityDescriptorGroup
LookupAccountNameW

gdi32

GdiGetLocalBrush
PATHOBJ_vEnumStartClipLines
GetCharWidthW
SetDeviceGammaRamp
SetAbortProc

kernel32

GetStartupInfoA
SetInformationJobObject
GetConsoleKeyboardLayoutNameW
GetModuleHandleA
ValidateLCType
FindFirstChangeNotificationW
WriteFile
DebugActiveProcess
SearchPathA
GetProfileStringA
GlobalReAlloc
GetConsoleHardwareState
GetCommandLineA
VirtualProtectEx
HeapValidate

user32

CharUpperA
ShowCaret
GetClipboardFormatNameW
LoadKeyboardLayoutA
GetTabbedTextExtentW
CountClipboardFormats
CreateCaret
CharNextA

Sections

.text
Size: 380KB - Virtual size: 380KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 541KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

bd9a4f9939f74506147152999c99c8f6

Headers

DLL Characteristics

File Characteristics

Imports

msvcrt

ole32

advapi32

gdi32

kernel32

user32

Sections

.text Size: 380KB - Virtual size: 380KB

.data Size: 2KB - Virtual size: 3KB

.rsrc Size: 1024B - Virtual size: 541KB

.text
Size: 380KB - Virtual size: 380KB

.data
Size: 2KB - Virtual size: 3KB

.rsrc
Size: 1024B - Virtual size: 541KB