Static task
static1
Behavioral task
behavioral1
Sample
3a87469517688c37b3c57cec21ddae35_JaffaCakes118.exe
Resource
win7-20240704-en
Behavioral task
behavioral2
Sample
3a87469517688c37b3c57cec21ddae35_JaffaCakes118.exe
Resource
win10v2004-20240709-en
General
Target: 3a87469517688c37b3c57cec21ddae35_JaffaCakes118
Size: 390KB
MD5: 3a87469517688c37b3c57cec21ddae35
SHA1: 64a004c419ab2685b809781b9741b24450153ebe
SHA256: 805de7eb4c7967b0ad4ddd43e1a759d48c4cc7794cab734519d4b2632806d63d
SHA512: 7d432322cf1da478281145f4f0dbb2858b32cfab574f38bcb8f42aab2ff0a0304e597a80ec3e9f2f5db6dbf7179741aacdf88c074ff9b7825da69f686ba40231
SSDEEP: 3072:NogM0AowGFgVS0dMW4gTCspbdWyV0IpP08xyzvEkdONeGdVp/3WC65e69lK:mJJowGK00dV4z0nV0IPyI4OY8f/X6l
Malware Config
Signatures
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource 3a87469517688c37b3c57cec21ddae35_JaffaCakes118
Files
3a87469517688c37b3c57cec21ddae35_JaffaCakes118.exe windows:5 windows x86 arch:x86
1b5edd72737ac57328d006bac0ed80f3
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
Imports
kernel32
GetWriteWatch
OpenEventA
LCMapStringA
GetCommConfig
GetProcessHeaps
GetModuleHandleA
GetFileAttributesW
CreateProcessA
GetEnvironmentStringsA
GetStartupInfoA
EnumDateFormatsA
FindVolumeMountPointClose
GetCommandLineA
DosPathToSessionPathW
SetVDMCurrentDirectories
msvcrt
_open_osfhandle
fprintf
iswdigit
_lrotl
__p__wcmdln
_findclose
__p__dstbias
__badioinfo
_rmtmp
_Getdays
ole32
HPALETTE_UserFree
HBRUSH_UserFree
CreatePointerMoniker
HBRUSH_UserUnmarshal
CoFreeLibrary
CreateAntiMoniker
gdi32
GetDCBrushColor
SetBoundsRect
GetEnhMetaFilePaletteEntries
PATHOBJ_vEnumStart
SetTextCharacterExtra
user32
PeekMessageA
IsCharAlphaA
SendMessageCallbackA
SetShellWindowEx
OemKeyScan
ModifyMenuW
ValidateRgn
DrawStateA
advapi32
CryptEnumProviderTypesA
SetEntriesInAccessListA
RegLoadKeyW
RegOpenKeyExA
CryptVerifySignatureA
LogonUserW
RegOpenUserClassesRoot
SystemFunction040
SetSecurityDescriptorRMControl
Sections
.text Size: 147KB - Virtual size: 147KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.data Size: 2KB - Virtual size: 3KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 240KB - Virtual size: 260KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE