2f194a6e0d13b652d7bd909b7e74686d_JaffaCakes118

General

Target

2f194a6e0d13b652d7bd909b7e74686d_JaffaCakes118
Size

34KB
MD5

2f194a6e0d13b652d7bd909b7e74686d
SHA1

b571376eee233987fe6509fa925be8b169e368bd
SHA256

b6a0646e93f739072f1476a85c483788ef951454fd4637ca2a390eaa9692accb
SHA512

7ddfc7389d60dc9f5307a92193c2145f48333998d59522dc7139e212c8ebe38037f40446c3bcd8d94e8788172d3f0e93662741ab6105a72e374a049cf2af9ce9
SSDEEP

768:xEBolguAPREI/VhMFsnH08ZlQcHoyQzbLNPD2:xEBL5rhMFooBzb4

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2f194a6e0d13b652d7bd909b7e74686d_JaffaCakes118

Files

2f194a6e0d13b652d7bd909b7e74686d_JaffaCakes118
.exe windows:5 windows x86 arch:x86

7473e7d211b29b2c3b73697357f1d181

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

advapi32

ElfNumberOfRecords
ObjectOpenAuditAlarmA
I_ScGetCurrentGroupStateW
OpenBackupEventLogW
CreateServiceW
BuildImpersonateExplicitAccessWithNameW
CommandLineFromMsiDescriptor
ConvertStringSidToSidA
SystemFunction021

user32

PeekMessageA
WINNLSGetEnableStatus
VkKeyScanExA
RemovePropA
CallWindowProcA
EnumChildWindows
EndPaint
GetPriorityClipboardFormat

kernel32

MoveFileA
GetCommandLineA
ReadConsoleInputA
SetConsolePalette
GetModuleHandleA
GlobalAlloc
GetStartupInfoA
QueryPerformanceFrequency
GetBinaryType
GetOverlappedResult
RegisterWowBaseHandlers
EnumCalendarInfoA
GetCommModemStatus
SetConsoleScreenBufferSize
GetFullPathNameW

ole32

RegisterDragDrop
CoRegisterPSClsid
CoGetCurrentLogicalThreadId
CoQueryReleaseObject
CoGetClassObject
OleCreateMenuDescriptor

msvcrt

_adj_fprem
wcscmp
_rmtmp
_wsopen
_winver
wcstod
_getdrives
system
_strerror
_adj_fdivr_m16i

gdi32

EngLineTo
PolyTextOutW
EngStrokeAndFillPath
MoveToEx
GetDIBits

Sections

.text
Size: 27KB - Virtual size: 27KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 960B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

7473e7d211b29b2c3b73697357f1d181

Headers

DLL Characteristics

File Characteristics

Imports

advapi32

user32

kernel32

ole32

msvcrt

gdi32

Sections

.text Size: 27KB - Virtual size: 27KB

.data Size: 4KB - Virtual size: 6KB

.rsrc Size: 1024B - Virtual size: 960B

.text
Size: 27KB - Virtual size: 27KB

.data
Size: 4KB - Virtual size: 6KB

.rsrc
Size: 1024B - Virtual size: 960B