2c7ee86e55e33f8b3c895ef36bd66e9f_JaffaCakes118

General

Target

2c7ee86e55e33f8b3c895ef36bd66e9f_JaffaCakes118
Size

1.5MB
MD5

2c7ee86e55e33f8b3c895ef36bd66e9f
SHA1

6b0261aa9ffa65feb716bb638c5b8e1eb9ca75e6
SHA256

a346645de1d251122a0eff53c3e93cf9b85bd341ab90cd429673a5455c4fbd7b
SHA512

e3f652accc9e6b214893d997131b397a54e0701f37ce3f975237e64978a75c6d2e02903e3fa8323ac88a18d08f6477b84efd40f2d10a2cd108e313496785e1fd
SSDEEP

24576:wtfXZiphNmUulIpBwRmtNR+rHz7RO/sw9EbpgBO92:wtfwpclywRAR+rTg/s+Etmo

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2c7ee86e55e33f8b3c895ef36bd66e9f_JaffaCakes118

Files

2c7ee86e55e33f8b3c895ef36bd66e9f_JaffaCakes118
.exe windows:4 windows x86 arch:x86

ab64a66b3779b2daeeba3ceb642cf3b5

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetProcAddress
GlobalUnlock
MoveFileA
SetUnhandledExceptionFilter
MultiByteToWideChar
GetStringTypeA
LocalUnlock
MoveFileExA
GetLargestConsoleWindowSize
FindVolumeMountPointClose
CompareStringA
GetNextVDMCommand
IsBadHugeReadPtr
FileTimeToSystemTime
GlobalAlloc
SetThreadIdealProcessor
GetCommandLineA
GetStartupInfoA
ExitProcess

ntdll

RtlConvertSidToUnicodeString
strlen
RtlQueryAtomInAtomTable
RtlInitializeRXact
RtlAddAccessAllowedAceEx
NtFlushWriteBuffer
NtSetInformationKey
ZwCreateIoCompletion
NtListenPort
LdrDisableThreadCalloutsForDll
NtReadFileScatter
RtlAcquireResourceExclusive
NtQueueApcThread
_ltow
NtDuplicateToken
RtlEnumerateGenericTableWithoutSplaying
RtlDeNormalizeProcessParams

Exports

Exports

IsSiauwugm

Sections

.d41
Size: 4KB - Virtual size: 4.8MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

_PAGELK
Size: 1.4MB - Virtual size: 1.4MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.idata
Size: 2KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 103KB - Virtual size: 104KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

ab64a66b3779b2daeeba3ceb642cf3b5

Headers

File Characteristics

Imports

kernel32

ntdll

Exports

Exports

Sections

.d41 Size: 4KB - Virtual size: 4.8MB

_PAGELK Size: 1.4MB - Virtual size: 1.4MB

.idata Size: 2KB - Virtual size: 6KB

.rsrc Size: 103KB - Virtual size: 104KB

.reloc Size: - Virtual size: 4KB

.d41
Size: 4KB - Virtual size: 4.8MB

_PAGELK
Size: 1.4MB - Virtual size: 1.4MB

.idata
Size: 2KB - Virtual size: 6KB

.rsrc
Size: 103KB - Virtual size: 104KB

.reloc
Size: - Virtual size: 4KB