2438c91b0de54c5393c27d2430ef676a_JaffaCakes118

General

Target

2438c91b0de54c5393c27d2430ef676a_JaffaCakes118
Size

40KB
MD5

2438c91b0de54c5393c27d2430ef676a
SHA1

22c8754fb8a424eebeadfadd6db074f4fa9e36a8
SHA256

19e84a6baed2d90c22f503a638227a772af73194c028b77b6a829b1b61240902
SHA512

c969c56519d57740cb24ea4eb6101a5d472bfc5b8f2fa5ddc33b2e14f304e47ee0077e5cdd5282ffc94c208f04d98819418e3429a97b68da8aa66093d08ecc65
SSDEEP

384:b7xJSSulZ0K4RUxhyTBKBpZ3YRP32JXRWbIF0iZI8evk2uSGlmkC6DREzWvflSyI:b1JSf6UOPGJ4sWiZI8es230fnGiXlS

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2438c91b0de54c5393c27d2430ef676a_JaffaCakes118

Files

2438c91b0de54c5393c27d2430ef676a_JaffaCakes118
.exe windows:4 windows x86 arch:x86

45b5d5804088e4500b6cdfdd9c01e30f

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

PDB Paths

e:\Download\peldr4\peldr9\Release\peldr9.pdb

Imports

shlwapi

StrStrA

kernel32

GetSystemInfo
GetCPInfo
CreateFileA
ReadFile
SetFilePointer
WriteFile
CloseHandle
GetFileSize
GlobalAlloc
GetCurrentProcessId
ExitProcess
CreateFileW
GetModuleHandleA
Sleep
VirtualAlloc
GetTickCount
GetProcAddress
LoadLibraryA
GetModuleFileNameA
GetLastError
lstrcpyA
GetModuleFileNameW
GetSystemTime
GetCommandLineA
VirtualProtect
GetLocaleInfoA
GetStringTypeW
GetStringTypeA
LCMapStringW
MultiByteToWideChar
LCMapStringA
GetOEMCP
GetStartupInfoA
GetVersionExA
QueryPerformanceCounter
GetCurrentThreadId
GetSystemTimeAsFileTime
HeapAlloc
TerminateProcess
GetCurrentProcess
GetStdHandle
UnhandledExceptionFilter
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStringsW
SetHandleCount
GetFileType
HeapDestroy
HeapCreate
VirtualFree
HeapFree
RtlUnwind
InterlockedExchange
VirtualQuery
HeapReAlloc
GetACP
HeapSize

user32

GetForegroundWindow
GetDesktopWindow
GetWindowLongA
GetActiveWindow
GetSystemMetrics
GetDC

Sections

.text
Size: 20KB - Virtual size: 18KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 8KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 47KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 696B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

45b5d5804088e4500b6cdfdd9c01e30f

Headers

File Characteristics

PDB Paths

Imports

shlwapi

kernel32

user32

Sections

.text Size: 20KB - Virtual size: 18KB

.rdata Size: 8KB - Virtual size: 5KB

.data Size: 4KB - Virtual size: 47KB

.rsrc Size: 4KB - Virtual size: 696B

.text
Size: 20KB - Virtual size: 18KB

.rdata
Size: 8KB - Virtual size: 5KB

.data
Size: 4KB - Virtual size: 47KB

.rsrc
Size: 4KB - Virtual size: 696B