32be47a4011caa93caf1308420878167_JaffaCakes118

General

Target

32be47a4011caa93caf1308420878167_JaffaCakes118
Size

2.8MB
MD5

32be47a4011caa93caf1308420878167
SHA1

d062958cc18ae2b60371b39ab72985bd9fd7bf33
SHA256

e3159602ded6a4ab6d3a4132452fad6bdb3b5064e0c2f0b143d137ffa565c521
SHA512

6894993b469f8e9a567af1f16be22c5bd2c5d3cc171013b4c642d03969320b71f7fab0b5a89dc2a1bc57a28b1dea42d977585b135aad1f83d1411af9bf8ea7fd
SSDEEP

49152:CTj9Sf4hkA1JS7XqQz57YNrlraA0eXIkaiGbHJWj+w/N1syI+BcHHOCO86D7EfD:m24mGJS7zzdWIeXI9i+pu9pI+KSAD

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
32be47a4011caa93caf1308420878167_JaffaCakes118

Files

32be47a4011caa93caf1308420878167_JaffaCakes118
.exe windows:4 windows x86 arch:x86

d4c5276421c7bb316aacb15c16b4d9f3

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

msvcrt

memset
strncpy
strlen
strcpy
strcat
memcpy
strcmp

kernel32

GetModuleHandleA
HeapCreate
GetCommandLineA
HeapDestroy
ExitProcess
HeapFree
HeapAlloc
GetCurrentThreadId
GetCurrentProcessId
InitializeCriticalSection
GetModuleFileNameA
GetCurrentProcess
DuplicateHandle
CloseHandle
CreatePipe
GetStdHandle
CreateProcessA
WaitForSingleObject
EnterCriticalSection
LeaveCriticalSection
GetTickCount
Sleep
GetTempPathA
LoadLibraryA
GetProcAddress
FreeLibrary
CreateDirectoryA
GetDriveTypeA
FindFirstFileA
FindClose
GetFileAttributesA
CopyFileA
DeleteFileA
SetFileAttributesA
FindNextFileA
RemoveDirectoryA
WriteFile
CreateFileA
ReadFile
HeapReAlloc

comctl32

InitCommonControls

user32

MessageBoxA
GetWindowThreadProcessId
IsWindowVisible
IsWindowEnabled
GetForegroundWindow
EnableWindow
EnumWindows

advapi32

RegCreateKeyExA
RegSetValueExA
RegCloseKey
RegOpenKeyExA
RegQueryValueExA

ole32

CoInitialize

shell32

ShellExecuteExA

Sections

.code
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.text
Size: 10KB - Virtual size: 9KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 512B - Virtual size: 80B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 9KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

d4c5276421c7bb316aacb15c16b4d9f3

Headers

File Characteristics

Imports

msvcrt

kernel32

comctl32

user32

advapi32

ole32

shell32

Sections

.code Size: 4KB - Virtual size: 4KB

.text Size: 10KB - Virtual size: 9KB

.rdata Size: 512B - Virtual size: 80B

.data Size: 2KB - Virtual size: 2KB

.rsrc Size: 9KB - Virtual size: 8KB

.code
Size: 4KB - Virtual size: 4KB

.text
Size: 10KB - Virtual size: 9KB

.rdata
Size: 512B - Virtual size: 80B

.data
Size: 2KB - Virtual size: 2KB

.rsrc
Size: 9KB - Virtual size: 8KB