3220cd02b70fca92324fe9cd15c54917_JaffaCakes118

General

Target

3220cd02b70fca92324fe9cd15c54917_JaffaCakes118
Size

550KB
MD5

3220cd02b70fca92324fe9cd15c54917
SHA1

3a8b240c7d74ca33f2ed8a0549ed4f924364436c
SHA256

4288990dea07290ae524ea118193c8c4cac5701ef65c06bf9d11c1b405b07ec1
SHA512

507d992d6d427528b2e75fbdc0674064bc6f6bc37ea0c6b0ad523c22efbd32478da02f4ee501fb5b94148ec22ba88498f042e4ecfec4641e8bcf812d01c04146
SSDEEP

12288:MvHZpJuoe9JMwQYBce/f59TJrzK4rs2nFfQfa:MvHjJJgJ+6XfjTJr5Bfy

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
3220cd02b70fca92324fe9cd15c54917_JaffaCakes118

Files

3220cd02b70fca92324fe9cd15c54917_JaffaCakes118
.exe windows:4 windows x86 arch:x86

3cf31b27b0cc22afc6b823c48947f8b3

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

crtdll

wcstombs
longjmp
isalnum
_umask
_loaddll
_itoa
_getw
_finite
_exit
_chmod
_CItanh

version

GetFileVersionInfoSizeA
GetFileVersionInfoA
VerQueryValueA

rpcrt4

tree_peek_ndr
long_from_ndr_temp
double_array_from_ndr
RpcSsAllocate
RpcServerUseProtseqExA
RpcServerUseAllProtseqs
RpcMgmtIsServerListening
RpcMgmtEnableIdleCleanup
RpcCancelThread
RpcBindingInqAuthClientExA
MesEncodeIncrementalHandleCreate
MIDL_wchar_strlen
CStdStubBuffer_CountRefs

ntdll

RtlCreateTagHeap
RtlCreateUnicodeString
RtlEqualSid
RtlCharToInteger
RtlFreeUnicodeString
RtlLeaveCriticalSection
RtlLockHeap
RtlNtStatusToDosError
RtlQueryRegistryValues
RtlUnwind
_wcsicmp
memmove
strstr
wcscat
NtUnmapViewOfSection
NtTerminateThread
NtSetValueKey
NtQueryValueKey
NtQueryInstallUILanguage
NtQueryInformationProcess
NtQueryDefaultLocale
NtOpenThreadToken
NtOpenSymbolicLinkObject
NtNotifyChangeKey
NtCreateSemaphore
NtClose
RtlExpandEnvironmentStrings_U

kernel32

EnterCriticalSection
EnumResourceLanguagesW
EnumResourceNamesA
ExitProcess
ExitThread
FlushFileBuffers
GetACP
GetCommandLineA
GetLastError
GetLocalTime
GetModuleHandleA
lstrlenA
lstrcpynA
lstrcmpA
lstrcatA
VirtualFree
VirtualAlloc
TlsAlloc
SetUnhandledExceptionFilter
SetLastError
OpenFileMappingA
LocalAlloc
LoadResource
LeaveCriticalSection
HeapAlloc
GetTimeFormatA
GetSystemDirectoryA
GetStartupInfoA
GetOEMCP
CompareStringA

Sections

.text
Size: 31KB - Virtual size: 31KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 487KB - Virtual size: 1.1MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 31KB - Virtual size: 30KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

3cf31b27b0cc22afc6b823c48947f8b3

Headers

File Characteristics

Imports

crtdll

version

rpcrt4

ntdll

kernel32

Sections

.text Size: 31KB - Virtual size: 31KB

.data Size: 487KB - Virtual size: 1.1MB

.rsrc Size: 31KB - Virtual size: 30KB

.text
Size: 31KB - Virtual size: 31KB

.data
Size: 487KB - Virtual size: 1.1MB

.rsrc
Size: 31KB - Virtual size: 30KB