2968afbae73e74de5e5db1394b4b4942_JaffaCakes118

General

Target

2968afbae73e74de5e5db1394b4b4942_JaffaCakes118
Size

200KB
MD5

2968afbae73e74de5e5db1394b4b4942
SHA1

1d0c1fb2c5d47773526ee0cebdca7da709d3b5fa
SHA256

614aa04e5429e5ce0cb5c6faf507c57eea7c637ec254787230fbda9dd8374d94
SHA512

d658ad5abbaca0e29417d71197a3f3f572bc2b72b45756ba78382616817a7c3868df5b48c59405930d5ac6817cc35add3f95ce3034f948e3c5714ebd3f49b383
SSDEEP

3072:Unn3fKDvDz8t8zrpQdbeFz9lqIhiE/T7tvVytKb6TCHDXJ+Q:+nvrtYrpQmVhiM1VyARDX8Q

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2968afbae73e74de5e5db1394b4b4942_JaffaCakes118

Files

2968afbae73e74de5e5db1394b4b4942_JaffaCakes118
.exe windows:4 windows x86 arch:x86

aa9ae123fe89215eb02f4f835e223e9e

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

PDB Paths

c:\debug\app.pdb

Imports

kernel32

VirtualFree
VirtualAlloc
LoadLibraryA
VirtualProtect
GetProcAddress
GetModuleHandleA
GetEnvironmentStrings
MoveFileA
VirtualLock
Sleep
CreateEventA
GetLocaleInfoA
GetSystemTimeAsFileTime
GetCurrentProcessId
GetCurrentThreadId
GetTickCount
QueryPerformanceCounter
RaiseException
LCMapStringW
LCMapStringA
VirtualAllocEx
CloseHandle
GetStringTypeW
MultiByteToWideChar
GetStringTypeA
HeapSize
GetStartupInfoA
GetCommandLineA
GetVersionExA
SetHandleCount
GetStdHandle
GetFileType
GetLastError
ReadFile
HeapAlloc
ExitProcess
TerminateProcess
GetCurrentProcess
WriteFile
GetModuleFileNameA
UnhandledExceptionFilter
FreeEnvironmentStringsA
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStringsW
HeapDestroy
HeapCreate
HeapFree
SetFilePointer
HeapReAlloc
FlushFileBuffers
GetACP
GetOEMCP
GetCPInfo
RtlUnwind
InterlockedExchange
VirtualQuery
SetStdHandle
GetSystemInfo

user32

UpdateWindow
IsWindowEnabled
RegisterClassA
GetDesktopWindow
EnableWindow
GetWindow
IsZoomed
IsWindowUnicode

gdi32

GetPixel

shell32

ord195

psapi

GetModuleInformation

Sections

.text
Size: 32KB - Virtual size: 28KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 8KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 152KB - Virtual size: 156KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 64KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

aa9ae123fe89215eb02f4f835e223e9e

Headers

File Characteristics

PDB Paths

Imports

kernel32

user32

gdi32

shell32

psapi

Sections

.text Size: 32KB - Virtual size: 28KB

.rdata Size: 8KB - Virtual size: 5KB

.data Size: 152KB - Virtual size: 156KB

.rsrc Size: 4KB - Virtual size: 64KB

.text
Size: 32KB - Virtual size: 28KB

.rdata
Size: 8KB - Virtual size: 5KB

.data
Size: 152KB - Virtual size: 156KB

.rsrc
Size: 4KB - Virtual size: 64KB