30b60ff63952e92b6c241df03dbbed11_JaffaCakes118

General

Target

30b60ff63952e92b6c241df03dbbed11_JaffaCakes118
Size

141KB
MD5

30b60ff63952e92b6c241df03dbbed11
SHA1

d06624072c8270bf76695d3a063c8f2640ace4bb
SHA256

0b6a5315ca79cdd388a064d728849d5bb0e91158300d8ed0c6b0947a07ed1bb7
SHA512

6548d55ca23a777448ab2a9ff8f9c30ea391c3df1c5429efb9b42a41847011bcaf392c94143bbdb4a7e2fea7207e57ef1e86dfb2f7250a0ff94167f370f6bbb9
SSDEEP

3072:XFVA1T+YnRiFSZip9RYoBza+7Sfj4nKmm3Ytl5mTKqAxMm:XLA1TzUFSZu9LBW+2L4Kmm3Y/om

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
30b60ff63952e92b6c241df03dbbed11_JaffaCakes118

Files

30b60ff63952e92b6c241df03dbbed11_JaffaCakes118
.exe windows:4 windows x86 arch:x86

bf0956ad84978d71f7203b87e1d75c80

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

DefineDosDeviceW
Heap32ListNext
GetProcessTimes
GlobalHandle
QueryDosDeviceA
FreeResource
QueryDepthSList
EnumResourceTypesA
SetCurrentDirectoryA
Thread32First
Heap32Next
GetConsoleOutputCP
SetEnvironmentVariableA
CreateFiber
ReadConsoleOutputCharacterW
GetStringTypeExA
IsProcessorFeaturePresent
GetProfileIntW
EnumResourceLanguagesW
LCMapStringA
GetProcessShutdownParameters
IsBadReadPtr
WritePrivateProfileStructA
SetConsoleTitleW
FreeLibraryAndExitThread
SetComputerNameA
GlobalAddAtomA
FindResourceA
WritePrivateProfileStructW
WriteConsoleOutputA
CreateConsoleScreenBuffer
WaitForDebugEvent
GetFileAttributesW
GetThreadContext
CreateSemaphoreA
SetLocaleInfoA
CreateDirectoryExA
GetFileSize
GetCPInfoExW
IsBadWritePtr
lstrcmpiW
SwitchToThread
EnumResourceNamesW
PostQueuedCompletionStatus
EnumCalendarInfoExA
WriteProfileSectionA
InterlockedIncrement
FreeConsole
GetDriveTypeW
GetVolumeInformationA
GetCurrentThread
SetCurrentDirectoryW
SetCalendarInfoW
CopyFileA
GetLastError
FindAtomA
FindNextFileW
GetProcessHeap
ClearCommBreak
SwitchToFiber
ConvertThreadToFiber
IsBadStringPtrW
SetConsoleWindowInfo
GetEnvironmentStrings

gdi32

DeleteObject
DeleteDC
SelectObject
CreateDIBSection
CreateCompatibleDC
GetDeviceCaps
CreateDCW
BitBlt

Exports

Exports

DKi
DUii
DWiyy
DYp

Sections

.text
Size: 89KB - Virtual size: 89KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 22KB - Virtual size: 22KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 28KB - Virtual size: 28KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

bf0956ad84978d71f7203b87e1d75c80

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

gdi32

Exports

Exports

Sections

.text Size: 89KB - Virtual size: 89KB

.rdata Size: 22KB - Virtual size: 22KB

.data Size: 28KB - Virtual size: 28KB

.text
Size: 89KB - Virtual size: 89KB

.rdata
Size: 22KB - Virtual size: 22KB

.data
Size: 28KB - Virtual size: 28KB