32472d40154ca8a5dbf38eee1ef1d091_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

32472d40154ca8a5dbf38eee1ef1d091_JaffaCakes118
Size

324KB
MD5

32472d40154ca8a5dbf38eee1ef1d091
SHA1

2a2f4ab2166021d286bcfdb0aa6e619795dab0f7
SHA256

9394c61bf28b7826d94934291dad70a1de8f09d02c346db1633c434f615a47e4
SHA512

acdd203cd19bc00eb959076c3432267bb677a2b9cfcdc37cbb74d26639cf8798854417b65cf21720739ca977cb4173d15b3a79b6c74202f13632159642afd99f
SSDEEP

6144:zcEVFlE9KSg/6Q/Qurt/0RVcshReCgoSxxqE7rT5+ybqw3DDG:xFlZrz/R/0lhPgbzBfbqADq

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
32472d40154ca8a5dbf38eee1ef1d091_JaffaCakes118

Files

32472d40154ca8a5dbf38eee1ef1d091_JaffaCakes118
.exe windows:5 windows x86 arch:x86

c6e5cdef6d76a3e2251cb37489741aff

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

user32

CharNextW

kernel32

lstrcpyW
lstrlenW
DisableThreadLibraryCalls
LoadResource
HeapDestroy
LoadLibraryExW
lstrlenA
FreeLibrary
GetLastError
lstrcpynW
InitializeCriticalSection
lstrcatW
EnterCriticalSection
FindResourceW
DeleteCriticalSection
lstrcmpiW
InterlockedIncrement
InterlockedDecrement
GetStartupInfoA
LeaveCriticalSection
MultiByteToWideChar
SizeofResource

msvcrt

_except_handler3
wcscpy
wcsncpy
free
wcsncat
_purecall
wcslen
__CxxFrameHandler
malloc
_initterm
realloc
_adjust_fdiv

ole32

CoTaskMemRealloc
CoTaskMemFree
CoTaskMemAlloc

ntdll

RtlAddAccessAllowedAce
NtAllocateVirtualMemory
RtlAdjustPrivilege

oleaut32

VariantClear

advapi32

RegCloseKey
RegEnumKeyExW
RegQueryInfoKeyW
RegDeleteKeyW
RegDeleteValueW
RegSetValueExW
RegOpenKeyExW
RegQueryValueExW
RegCreateKeyExW

rpcrt4

RpcStringFreeW

Sections

.text
Size: 9KB - Virtual size: 8KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 12KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 1.4MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 298KB - Virtual size: 298KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

c6e5cdef6d76a3e2251cb37489741aff

Headers

DLL Characteristics

File Characteristics

Imports

user32

kernel32

msvcrt

ole32

ntdll

oleaut32

advapi32

rpcrt4

Sections

.text Size: 9KB - Virtual size: 8KB

.rsrc Size: 12KB - Virtual size: 11KB

.data Size: 3KB - Virtual size: 1.4MB

.rdata Size: 298KB - Virtual size: 298KB

.tls Size: 512B - Virtual size: 4KB

.text
Size: 9KB - Virtual size: 8KB

.rsrc
Size: 12KB - Virtual size: 11KB

.data
Size: 3KB - Virtual size: 1.4MB

.rdata
Size: 298KB - Virtual size: 298KB

.tls
Size: 512B - Virtual size: 4KB