2b1d58202d1388bc85c6628b9acfd2b7_JaffaCakes118

General

Target

2b1d58202d1388bc85c6628b9acfd2b7_JaffaCakes118
Size

74KB
MD5

2b1d58202d1388bc85c6628b9acfd2b7
SHA1

86f4dae400749fce9faf9e08293246a27d5b7933
SHA256

0605146e89fff78d4c70ba035808218e6dcd1315a1a1ad6f959229953959c680
SHA512

4f096cea29e38ba8aeb61b032ec1c7a25c0aaf12be727a44c5c77e0005e432cf0ee9e5e3cae14ae69be6ac956c434cdc2eaa51ff157f0b99b45c0df31adc9e8e
SSDEEP

1536:N5y8C1BXVyjIBilE0ST1z+DA93nSxUD2fSv8CgYtuM:N5jCPXVyjINh4UqKv

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2b1d58202d1388bc85c6628b9acfd2b7_JaffaCakes118

Files

2b1d58202d1388bc85c6628b9acfd2b7_JaffaCakes118
.exe windows:6 windows x86 arch:x86

74a2157f9a2ce1b8a5fef6b188133874

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NO_ISOLATION
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

lstrcmpiW
CloseHandle
CreateFileMappingW
MapViewOfFile
UnmapViewOfFile
Wow64DisableWow64FsRedirection
GetModuleHandleW
GetProcAddress
LoadLibraryW
HeapAlloc
HeapReAlloc
HeapFree
GetProcessHeap
GetLastError
GetCommandLineW
GetEnvironmentVariableW
CreateFileW
FindFirstVolumeW
FindNextVolumeW
FindVolumeClose
GetDriveTypeW
GetFileSizeEx
GetLogicalDrives
QueryDosDeviceW
ReadFile
SetFilePointer
WriteFile
GetVolumePathNamesForVolumeNameW
InitializeCriticalSection
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
InitializeConditionVariable
WakeConditionVariable
WakeAllConditionVariable
Sleep
GetCurrentProcess
GetCurrentProcessId
ExitProcess
CreateThread
GetCurrentThread
SetThreadPriority
SetPriorityClass
GetSystemInfo
Wow64RevertWow64FsRedirection
GetModuleFileNameW
LocalFree
WaitForMultipleObjects
lstrcatW
lstrlenW
CopyFileW
SetVolumeMountPointW
OpenProcess
K32GetModuleFileNameExW
FindClose
FindFirstFileW
FindNextFileW
SleepConditionVariableCS
ExitThread
GetFileAttributesW
SetEndOfFile
SetFileAttributesW
SetFilePointerEx
FlushViewOfFile
MoveFileExW

ntdll

memmove
qsort
bsearch
NtQueryVirtualMemory
RtlUnwind
memcpy
memset

rstrtmgr

RmShutdown
RmGetList
RmRegisterResources
RmEndSession
RmStartSession

shlwapi

PathFindFileNameW
PathFindExtensionW

Sections

.rdata
Size: 74KB - Virtual size: 73KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

74a2157f9a2ce1b8a5fef6b188133874

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

ntdll

rstrtmgr

shlwapi

Sections

.rdata Size: 74KB - Virtual size: 73KB

.rdata
Size: 74KB - Virtual size: 73KB