387e9a83b979da835e15f724873c2e98_JaffaCakes118

General

Target

387e9a83b979da835e15f724873c2e98_JaffaCakes118
Size

459KB
MD5

387e9a83b979da835e15f724873c2e98
SHA1

7afb3403a62956f4943b7d49a8c5ce73d33a09ac
SHA256

2658c2676db78d047768840bf7f4e89d050162b7e8a1ac0c12acda84167706c4
SHA512

4e67d3d32ea30b56e61d39d076a929a03314350ba81d8024264cc63cbe0969c03afdb8d7b3a25fa727c3f3727b7b5f8b3ac769ffb4f437288201427ce3f15be0
SSDEEP

6144:rl16qlB36drsbt9PHpAk1wEXhZm0viXpGhMImajdQ1chvSC6+o4rZ3vJQ7GqC8HI:JkK+YbrJAk1wEu3XpYd9vSN+lRQbw

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
387e9a83b979da835e15f724873c2e98_JaffaCakes118

Files

387e9a83b979da835e15f724873c2e98_JaffaCakes118
.exe windows:5 windows x86 arch:x86

844db5ee58bb30e14c97c81b5a1aef73

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

ntdll

NtAllocateVirtualMemory
NtLoadKey

advapi32

GetSecurityDescriptorControl
IsValidSecurityDescriptor
GetSecurityDescriptorLength
MakeSelfRelativeSD

rpcrt4

RpcBindingFree
NdrClientCall2
I_RpcExceptionFilter
RpcStringFreeW
RpcStringBindingComposeW
RpcBindingFromStringBindingW

user32

LoadStringW
LoadStringA
MessageBoxA
GetSystemMetrics

msvcrt

strchr
_adjust_fdiv
_vsnprintf
wcslen
__p__commode
wcschr
malloc
strcspn
wcscspn
__p__fmode
_except_handler3
free

kernel32

GetModuleHandleW
QueryPerformanceCounter
LocalFree
GetCurrentProcessId
GetStartupInfoA
TerminateProcess
ExitProcess
GetCurrentThreadId
GetSystemTimeAsFileTime
MultiByteToWideChar
WideCharToMultiByte
UnhandledExceptionFilter
GetCurrentProcess

Sections

.text
Size: 11KB - Virtual size: 11KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 13KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rdata
Size: 226KB - Virtual size: 225KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 207KB - Virtual size: 936KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

844db5ee58bb30e14c97c81b5a1aef73

Headers

DLL Characteristics

File Characteristics

Imports

ntdll

advapi32

rpcrt4

user32

msvcrt

kernel32

Sections

.text Size: 11KB - Virtual size: 11KB

.rsrc Size: 13KB - Virtual size: 13KB

.rdata Size: 226KB - Virtual size: 225KB

.data Size: 207KB - Virtual size: 936KB

.text
Size: 11KB - Virtual size: 11KB

.rsrc
Size: 13KB - Virtual size: 13KB

.rdata
Size: 226KB - Virtual size: 225KB

.data
Size: 207KB - Virtual size: 936KB