32d522d150bdbd4f9f94debf7c77123c_JaffaCakes118

General

Target

32d522d150bdbd4f9f94debf7c77123c_JaffaCakes118
Size

139KB
MD5

32d522d150bdbd4f9f94debf7c77123c
SHA1

13af6a723485980fdddd51cd4275363991db3800
SHA256

ca87fc742871072a4610072839d7c6c1ecf048374c13b1c797ed02b8b8f89ecb
SHA512

810a343e998fd4e44c3288b40fc21a6015a3cdce7e40f48a47b0ce9ce07a0b7dfa9c17ecc0f5456ab81196c0267136d30757990dc7ecdd0560fabff6472a35c8
SSDEEP

3072:PkR6xUhDozupi7Z/c6JuP1wdkIkfqgebmp:Id9aS1wdeEbmp

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
32d522d150bdbd4f9f94debf7c77123c_JaffaCakes118

Files

32d522d150bdbd4f9f94debf7c77123c_JaffaCakes118
.exe windows:5 windows x86 arch:x86

973e913e42426e6a2a89ae2045c51410

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

user32

LoadStringA
CharNextA
MessageBoxA
wsprintfA

kernel32

GetSystemDirectoryA
WriteFile
GetCurrentThreadId
RaiseException
IsBadWritePtr
QueryPerformanceCounter
GetModuleFileNameA
lstrcatA
CreateFileA
GetModuleHandleA
GetStartupInfoA
CreatePipe
GetSystemTimeAsFileTime
LeaveCriticalSection
GetACP
InterlockedExchange
FreeLibrary
LoadLibraryExA
GetProcAddress
EnterCriticalSection
SetHandleContext
SetHandleInformation
CloseHandle
lstrcpynA
InitializeCriticalSection
GetTickCount
DeleteFileA
SizeofResource
LoadLibraryA
MultiByteToWideChar
WaitForSingleObject
GetCurrentProcessId
IsDBCSLeadByte
ReadFile
LoadResource
GetLocaleInfoA
GetCurrentThreadId
FindResourceA
GetShortPathNameA
lstrcmpiA
IsSystemResumeAutomatic
InterlockedDecrement
DeleteCriticalSection
LockResource
GetLastError
GetVersionExA
VirtualQuery
CreateProcessA
lstrlenA
lstrlenW
GetThreadLocale
ExitProcess
InterlockedIncrement
WideCharToMultiByte
MoveFileA
OutputDebugStringA

advapi32

RegQueryValueExA
RegOpenKeyExA
RegCloseKey
OpenProcessToken
LookupPrivilegeValueA

version

GetFileVersionInfoA
GetFileVersionInfoSizeA
VerQueryValueA

Sections

.text
Size: 9KB - Virtual size: 9KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 5KB - Virtual size: 122KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.ljajqp
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ

.edata
Size: 129KB - Virtual size: 243KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

973e913e42426e6a2a89ae2045c51410

Headers

File Characteristics

Imports

user32

kernel32

advapi32

version

Sections

.text Size: 9KB - Virtual size: 9KB

.data Size: 5KB - Virtual size: 122KB

.ljajqp Size: 3KB - Virtual size: 3KB

.edata Size: 129KB - Virtual size: 243KB

.text
Size: 9KB - Virtual size: 9KB

.data
Size: 5KB - Virtual size: 122KB

.ljajqp
Size: 3KB - Virtual size: 3KB

.edata
Size: 129KB - Virtual size: 243KB