3444ecca0c5b67084a81798db70304b5_JaffaCakes118

General

Target

3444ecca0c5b67084a81798db70304b5_JaffaCakes118
Size

400KB
MD5

3444ecca0c5b67084a81798db70304b5
SHA1

64d3738643223fbb0f32995019dd3b50992a6aa0
SHA256

f6188f824be0ad4442f919d39c04b02fc6d5e0cb238382acf54b519284bb489c
SHA512

723771910842be0acf1f92f8533041efa939c21052f651495d39457bbd2f8a9e0a06c21be8fb45e6ccccda822b56665c0381ed7c3338207e36348990aae71612
SSDEEP

6144:Dx1CR2oX7x+63we7IMJwrxR5h+aEwVLjn1xadr1vFEDjNz:D2RBXk6WMJw1R5caE63m1v0Nz

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
3444ecca0c5b67084a81798db70304b5_JaffaCakes118

Files

3444ecca0c5b67084a81798db70304b5_JaffaCakes118
.dll windows:4 windows x86 arch:x86

cab739c7f5f1e81e3b840d3af1e77d0d

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

advapi32

RegQueryValueExA
RegEnumKeyExA
RegOpenKeyExA
RegCloseKey

kernel32

DeleteCriticalSection
EnterCriticalSection
InitializeCriticalSection
LeaveCriticalSection
GetVersionExA
IsValidCodePage
MultiByteToWideChar
IsDBCSLeadByteEx
WideCharToMultiByte
RaiseException
RtlUnwind
GetCommandLineA
GetVersion
GetLastError
HeapFree
SetUnhandledExceptionFilter
HeapReAlloc
HeapAlloc
ExitProcess
TerminateProcess
GetCurrentProcess
HeapSize
GetProcAddress
GetModuleHandleA
GetModuleFileNameA
GetEnvironmentVariableA
HeapDestroy
HeapCreate
VirtualFree
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
FreeEnvironmentStringsA
FreeEnvironmentStringsW
GetEnvironmentStrings
GetEnvironmentStringsW
WriteFile
LCMapStringA
LCMapStringW
VirtualAlloc
IsBadWritePtr
IsBadReadPtr
IsBadCodePtr
SetFilePointer
GetCPInfo
GetACP
GetOEMCP
LoadLibraryA
GetStringTypeA
GetStringTypeW
SetStdHandle
FlushFileBuffers
CloseHandle

Exports

Exports

AXE_ParserGetVersion
AXE_ParserInit
AXE_ParserTerminate

Sections

.text
Size: 196KB - Virtual size: 192KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 40KB - Virtual size: 37KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 40KB - Virtual size: 44KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 100KB - Virtual size: 99KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 20KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

cab739c7f5f1e81e3b840d3af1e77d0d

Headers

File Characteristics

Imports

advapi32

kernel32

Exports

Exports

Sections

.text Size: 196KB - Virtual size: 192KB

.rdata Size: 40KB - Virtual size: 37KB

.data Size: 40KB - Virtual size: 44KB

.rsrc Size: 100KB - Virtual size: 99KB

.reloc Size: 20KB - Virtual size: 17KB

.text
Size: 196KB - Virtual size: 192KB

.rdata
Size: 40KB - Virtual size: 37KB

.data
Size: 40KB - Virtual size: 44KB

.rsrc
Size: 100KB - Virtual size: 99KB

.reloc
Size: 20KB - Virtual size: 17KB