27b91dabf80d346319d2fcdf80f64d44_JaffaCakes118

General

Target

27b91dabf80d346319d2fcdf80f64d44_JaffaCakes118
Size

168KB
MD5

27b91dabf80d346319d2fcdf80f64d44
SHA1

45bc74c3ffc7daf189313f71e827d473c2029e2f
SHA256

1b56d96eff90725b46dbb296a8040c0287595348e13bae96e2ccaa925f578fef
SHA512

877f87e992d7fce48c1140a5feb0b2ece3e5a64675cdd15a1ac834bd949d80693522eb5fa3363a938eac6b57f611657e8c91c958026fd5a47304ff50caab4f5b
SSDEEP

3072:+RyVr7XYpmZ5I3zmUgXi/ieb9hzxoMtN14wHe4uJtCxDSjaWIceDAvn+:+gZ5VU1jPJ4wHHSj9XJ+

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
27b91dabf80d346319d2fcdf80f64d44_JaffaCakes118

Files

27b91dabf80d346319d2fcdf80f64d44_JaffaCakes118
.exe windows:4 windows x86 arch:x86

80fcca9fbeccf586365574edc711b383

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetDiskFreeSpaceA
CreateProcessA
GetShortPathNameA
GetEnvironmentVariableA
RemoveDirectoryA
RemoveDirectoryW
CreateEventW
GetVersion
LocalFree
LocalAlloc
SetEvent
WaitForSingleObject
GetCurrentProcess
LoadLibraryA
SetFileAttributesA
GetFileAttributesA
GetProfileStringW
GetStringTypeA
LCMapStringW
LCMapStringA
MultiByteToWideChar
GetProcAddress
GetOEMCP
GetACP
GetCPInfo
WriteFile
RtlUnwind
GetFileType
GetStdHandle
SetHandleCount
GetEnvironmentStringsW
GetEnvironmentStrings
WideCharToMultiByte
FreeEnvironmentStringsW
FreeEnvironmentStringsA
GetStringTypeW
GetModuleFileNameA
HeapFree
HeapAlloc
GetModuleHandleA
GetStartupInfoA
GetCommandLineA
ExitProcess
HeapDestroy
HeapCreate
VirtualFree
VirtualAlloc
HeapReAlloc
TerminateProcess
UnhandledExceptionFilter

user32

GetActiveWindow
CreatePopupMenu
GetSysColorBrush
AppendMenuA
DrawFrameControl
PostMessageW
SetWindowLongA
IsDialogMessageW
GetMessageA
DrawIcon
LoadIconW
ReleaseCapture
LoadImageA
WindowFromPoint
GetWindowTextLengthA
SystemParametersInfoW
SetWindowsHookExA
RegisterClassExA
FillRect

Sections

.text
Size: 68KB - Virtual size: 67KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 44KB - Virtual size: 41KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 44KB - Virtual size: 65KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 940B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

80fcca9fbeccf586365574edc711b383

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

Sections

.text Size: 68KB - Virtual size: 67KB

.rdata Size: 44KB - Virtual size: 41KB

.data Size: 44KB - Virtual size: 65KB

.rsrc Size: 4KB - Virtual size: 940B

.reloc Size: 4KB - Virtual size: 1KB

.text
Size: 68KB - Virtual size: 67KB

.rdata
Size: 44KB - Virtual size: 41KB

.data
Size: 44KB - Virtual size: 65KB

.rsrc
Size: 4KB - Virtual size: 940B

.reloc
Size: 4KB - Virtual size: 1KB