3b9d55421dc8f800a1c9f670b6c5d689_JaffaCakes118

General

Target

3b9d55421dc8f800a1c9f670b6c5d689_JaffaCakes118
Size

1.5MB
MD5

3b9d55421dc8f800a1c9f670b6c5d689
SHA1

9640121dc94fbfaf8f52344158bcd635b85cfe79
SHA256

dce2d96077c35d2bd39b031613a2d589b14dd5c142cb3ef1fbc08e4c8bb3e685
SHA512

baaf4fa61596ce9626ae7267a7784153110b5ccb73aea1cee303727b19b89e93aa187e4281a1e550b6ef732bdd32814e0255b239fafebfec3e1d8d53f25a5dce
SSDEEP

24576:C2eMFpQijrCzAaz9KEVTBe99CBfkiPnfyh/c8/rYIqfdzX9XpfC9j4dkxKHexDJ9:t7N6zAorVA9CBfkgnfm/c8D8bzC90UX/

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
3b9d55421dc8f800a1c9f670b6c5d689_JaffaCakes118

Files

3b9d55421dc8f800a1c9f670b6c5d689_JaffaCakes118
.exe windows:4 windows x86 arch:x86

5ef1a99ad0fb8258c83f3b2d119aea21

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

crtdll

raise
iswgraph
_mbsnbcpy
_mbclen
_finite
rand
_exit

version

GetFileVersionInfoSizeA
GetFileVersionInfoA
VerQueryValueA

rpcrt4

short_from_ndr
float_from_ndr
float_array_from_ndr
enum_from_ndr
data_into_ndr
RpcTestCancel
RpcStringBindingParseA
RpcSsSetClientAllocFree
RpcSsEnableAllocate
RpcSsDestroyClientContext
RpcSsAllocate
RpcSmSetThreadHandle
RpcSmSetClientAllocFree
RpcSmFree
RpcServerUseAllProtseqsIfEx
RpcServerRegisterIfEx
RpcRaiseException
RpcObjectInqType
RpcMgmtWaitServerListen
RpcMgmtSetCancelTimeout
RpcMgmtInqStats
RpcMgmtEpEltInqNextA
RpcBindingSetObject
MesDecodeIncrementalHandleCreate
MesDecodeBufferHandleCreate
DceErrorInqTextA
CStdStubBuffer_CountRefs
tree_peek_ndr

ntdll

NtQuerySystemInformation
wcslen
NtCreateEvent
NtCreateSection
NtCreateSymbolicLinkObject
NtOpenThread
NtOpenThreadToken
NtQueryDefaultLocale
NtQueryInformationProcess
NtQueryInstallUILanguage
NtSetInformationObject
NtUnmapViewOfSection
NtWriteVirtualMemory
RtlAnsiStringToUnicodeString
RtlAppendUnicodeStringToString
RtlCreateTagHeap
RtlFreeSid
RtlLeaveCriticalSection
RtlNtStatusToDosError
RtlQueryRegistryValues

kernel32

EnumResourceTypesA
ExitProcess
FreeResource
GetACP
GetCommandLineA
GetDateFormatA
GetLocalTime
lstrlenA
lstrcmpiA
lstrcmpA
lstrcatA
WriteFile
VirtualFree
VirtualAlloc
UnmapViewOfFile
TlsSetValue
TlsAlloc
Sleep
SetUnhandledExceptionFilter
SetLastError
SetEndOfFile
SetCurrentDirectoryA
ReadFile
OpenFile
LocalAlloc
HeapAlloc
GetStartupInfoA
GetOEMCP
GetModuleHandleA
EnterCriticalSection

Sections

.text
Size: 32KB - Virtual size: 32KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 487KB - Virtual size: 1.1MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 31KB - Virtual size: 30KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

5ef1a99ad0fb8258c83f3b2d119aea21

Headers

File Characteristics

Imports

crtdll

version

rpcrt4

ntdll

kernel32

Sections

.text Size: 32KB - Virtual size: 32KB

.data Size: 487KB - Virtual size: 1.1MB

.rsrc Size: 31KB - Virtual size: 30KB

.text
Size: 32KB - Virtual size: 32KB

.data
Size: 487KB - Virtual size: 1.1MB

.rsrc
Size: 31KB - Virtual size: 30KB