284503f78e7a783db394c73652616a36_JaffaCakes118

General

Target

284503f78e7a783db394c73652616a36_JaffaCakes118
Size

392KB
MD5

284503f78e7a783db394c73652616a36
SHA1

eb3c5e75ce2156f1ee0f5fa5eb2a1c9d1143de3d
SHA256

6bf92ec29981a9d868dd1d6f4dd42939aae2f5fedad8fef758259b296c7f1a95
SHA512

eb4ef7930cebe8d2d0cc4ebaf1258d94c2e1002ca4f848d2a9697327cb67e8468c4fc88e939fbc75743232bba4583ffa7a3dc9786c497a6d3646e0639f6b7abd
SSDEEP

12288:5TxwmT+H6SihS4KJk89rPxx3IzPgCnNQ:JxwO+Oh3Akip0n

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
284503f78e7a783db394c73652616a36_JaffaCakes118

Files

284503f78e7a783db394c73652616a36_JaffaCakes118
.exe windows:4 windows x86 arch:x86

fcfd62b71f3f8f7596b6c39eb057e55a

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

HeapCreate
GetEnvironmentStringsW
GetCurrentThread
GetCPInfo
RtlUnwind
VirtualFree
GetACP
GetCurrentProcess
TlsAlloc
VirtualAlloc
GetFileType
LCMapStringA
HeapReAlloc
LeaveCriticalSection
EnterCriticalSection
LCMapStringW
GetStdHandle
InterlockedExchange
GetModuleFileNameA
GetStringTypeW
UnhandledExceptionFilter
ExitProcess
InitializeCriticalSection
TlsSetValue
SetSystemTime
LoadLibraryA
GetTickCount
GetSystemTimeAsFileTime
TlsFree
GetStartupInfoA
CreateSemaphoreW
QueryPerformanceCounter
GetVersion
SetLastError
DeleteCriticalSection
VirtualQuery
GetCurrentThreadId
GetOEMCP
HeapAlloc
SetHandleCount
HeapFree
OutputDebugStringA
TerminateProcess
GetCurrentProcessId
FreeEnvironmentStringsW
WideCharToMultiByte
TlsGetValue
GetPrivateProfileIntA
CreateDirectoryA
GetLastError
IsBadWritePtr
WriteFile
GetStringTypeA
GetProcAddress
MultiByteToWideChar
GetEnvironmentStrings
GetCommandLineA
GetModuleHandleA
SetThreadIdealProcessor
HeapDestroy
FreeEnvironmentStringsA

advapi32

RegCreateKeyA
RegCreateKeyExA
CryptEnumProviderTypesW
RegDeleteValueA
CryptImportKey

user32

GetInputDesktop
GetWindowTextLengthW
DdePostAdvise
PostMessageW
SetParent
DeferWindowPos
EditWndProc
GetUserObjectInformationW
SetMessageQueue

Sections

.text
Size: 120KB - Virtual size: 119KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 268KB - Virtual size: 291KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

fcfd62b71f3f8f7596b6c39eb057e55a

Headers

File Characteristics

Imports

kernel32

advapi32

user32

Sections

.text Size: 120KB - Virtual size: 119KB

.data Size: 268KB - Virtual size: 291KB

.rsrc Size: 3KB - Virtual size: 2KB

.text
Size: 120KB - Virtual size: 119KB

.data
Size: 268KB - Virtual size: 291KB

.rsrc
Size: 3KB - Virtual size: 2KB