39d5fde632a4f02a37eddad98a5d5f3f_JaffaCakes118

General

Target

39d5fde632a4f02a37eddad98a5d5f3f_JaffaCakes118
Size

100KB
MD5

39d5fde632a4f02a37eddad98a5d5f3f
SHA1

65ca4c56b8d723e12e277ec11484a2b3f5251564
SHA256

844add3f499a07eaaf196276558e6d2bae91e30bd487169bbcfeca9a01bb728a
SHA512

0f265714d31555d1f6224cc3cb4fe5537fa7fa9dec1b399a3af77dab6215722da3cc3da4c81037b4c05cde6b867c6ea9650a618b8ce49e538bd70a9b40a7ec2f
SSDEEP

1536:eiHzDpnc4pXLlaSFT8oFeCW3GRVCvjGUeUMohMR0IJHwWZ+E5ywafB:lc4hkIwoFwG+viUj0FClQyPfB

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
39d5fde632a4f02a37eddad98a5d5f3f_JaffaCakes118

Files

39d5fde632a4f02a37eddad98a5d5f3f_JaffaCakes118
.exe windows:4 windows x86 arch:x86

402e0c5ee56d4e2a16f13061012d2954

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

TerminateProcess
OpenProcess
GetCurrentProcessId
Process32First
CreateToolhelp32Snapshot
MultiByteToWideChar
WinExec
ResumeThread
Process32Next
Sleep
CreateProcessA
CreateFileMappingA
SetFileAttributesA
WriteFile
GetProcAddress
LoadLibraryA
GetModuleFileNameA
ExpandEnvironmentStringsA
CreateFileA
GetFileSize
ReadFile
GetLastError
FormatMessageA
DeleteFileA
GetCurrentProcess
QueueUserAPC
CloseHandle
GetStringTypeA
LCMapStringW
LCMapStringA
GetStringTypeW
SetEndOfFile
GetOEMCP
GetACP
GetCPInfo
SetFilePointer
FlushFileBuffers
GetModuleHandleA
GetStartupInfoA
GetCommandLineA
GetVersion
ExitProcess
HeapFree
HeapAlloc
UnhandledExceptionFilter
FreeEnvironmentStringsA
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStrings
GetEnvironmentStringsW
SetHandleCount
GetStdHandle
GetFileType
HeapDestroy
HeapCreate
VirtualFree
RtlUnwind
VirtualAlloc
HeapReAlloc
SetStdHandle

advapi32

RegQueryValueExA
RegRestoreKeyA
RegOpenKeyA
RegSaveKeyA
RegCloseKey
OpenProcessToken
LookupPrivilegeValueA
AdjustTokenPrivileges
RegOpenKeyExA

ole32

CoCreateInstance
CoUninitialize
CoInitialize

psapi

EnumProcessModules
GetModuleFileNameExA

msvcrt

_strupr
_stricmp

Sections

.text
Size: 28KB - Virtual size: 27KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 64KB - Virtual size: 67KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

402e0c5ee56d4e2a16f13061012d2954

Headers

File Characteristics

Imports

kernel32

advapi32

ole32

psapi

msvcrt

Sections

.text Size: 28KB - Virtual size: 27KB

.rdata Size: 4KB - Virtual size: 3KB

.data Size: 64KB - Virtual size: 67KB

.text
Size: 28KB - Virtual size: 27KB

.rdata
Size: 4KB - Virtual size: 3KB

.data
Size: 64KB - Virtual size: 67KB