2947a59365205578d4ff6d93e09cc3af_JaffaCakes118

General

Target

2947a59365205578d4ff6d93e09cc3af_JaffaCakes118
Size

196KB
MD5

2947a59365205578d4ff6d93e09cc3af
SHA1

9ace417ee226d5fd982739a376525ce04c827de7
SHA256

e23e1f713f1f109a9432b05f2c32d00ca7e3eca158bca009f65d18e0cbfe1373
SHA512

7427e700838aecd8bbccf090c6e49731a72f679ca569f592ac2ed4f37ad8864071ec9074e2e9cf7af7c34cce3545cdd83ccd77f8b1a079556c136fda834a4e9b
SSDEEP

3072:Zt9KYKlRm1m+ICbrtSOuOaYrpBtgb8XP+EvzQGTNvderh3Q7zvY:Zt9gym+IqNuPXIfDzXT6rhg3g

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2947a59365205578d4ff6d93e09cc3af_JaffaCakes118

Files

2947a59365205578d4ff6d93e09cc3af_JaffaCakes118
.exe windows:4 windows x86 arch:x86

35b2554474798c2df0c267a416ecfefc

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

CreateEventW
FileTimeToSystemTime
GetVolumeInformationW
DeleteCriticalSection
GetLocalTime
CreateFileW
GetModuleHandleW
InitializeCriticalSection
EnterCriticalSection
GetProfileStringW
LCMapStringA
SetEnvironmentVariableA
GetOEMCP
GetACP
CompareStringW
CompareStringA
GetCPInfo
GetStringTypeW
GetStringTypeA
GetTimeZoneInformation
GetSystemTime
GetModuleHandleA
GetStartupInfoW
GetVersion
ExitProcess
HeapFree
GetLastError
CloseHandle
ReadFile
TerminateProcess
GetCurrentProcess
SetFilePointer
HeapAlloc
UnhandledExceptionFilter
GetModuleFileNameW
FreeEnvironmentStringsA
MultiByteToWideChar
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetEnvironmentStrings
GetCommandLineW
GetCommandLineA
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
HeapDestroy
HeapCreate
VirtualFree
RtlUnwind
WriteFile
GetModuleFileNameA
WideCharToMultiByte
VirtualAlloc
HeapReAlloc
IsBadWritePtr
SetStdHandle
FlushFileBuffers
CreateFileA
GetProcAddress
LoadLibraryA
SetEndOfFile
LCMapStringW

shlwapi

StrToIntW
PathFindFileNameW
StrCmpNW
StrStrW
PathCreateFromUrlW
UrlIsW
PathIsURLW
StrRetToBufW

Exports

Exports

@Boja@8
@Igik@8
@Kazedidoro@8
@Zygof@8
@imawezasotinagy@8
@oteluhofabe@8

Sections

.text
Size: 72KB - Virtual size: 71KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 8KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 108KB - Virtual size: 438KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 824B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

35b2554474798c2df0c267a416ecfefc

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

shlwapi

Exports

Exports

Sections

.text Size: 72KB - Virtual size: 71KB

.rdata Size: 8KB - Virtual size: 6KB

.data Size: 108KB - Virtual size: 438KB

.rsrc Size: 4KB - Virtual size: 824B

.text
Size: 72KB - Virtual size: 71KB

.rdata
Size: 8KB - Virtual size: 6KB

.data
Size: 108KB - Virtual size: 438KB

.rsrc
Size: 4KB - Virtual size: 824B