3c1ccbe969312776ab44bb506cdd5e69_JaffaCakes118

General

Target

3c1ccbe969312776ab44bb506cdd5e69_JaffaCakes118
Size

415KB
MD5

3c1ccbe969312776ab44bb506cdd5e69
SHA1

ca8ccb367163a84f3f7b7529082fcd81834621ee
SHA256

8b3bac8bc585df564376d04ecaa71de0f78c8773f25203006e5d90fc3f8c27ad
SHA512

e406a1e2d1b1ca16993a8f64c7dfe42e01f99c3924a9163977f14eabdc0b383e8522e693ed7a866d6f0cff8d3f6007feb81d374dde32f2c52ada116abb1ce192
SSDEEP

12288:G+x8Li8lOww3idNsenU/wIlGGGmoofIPTRLTvB59AoEJHOv7f:BidI/wI4Gl38tL1Ed0

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
3c1ccbe969312776ab44bb506cdd5e69_JaffaCakes118

Files

3c1ccbe969312776ab44bb506cdd5e69_JaffaCakes118
.exe windows:4 windows x86 arch:x86

b5768d1e1cd9e92806483bc094b23c82

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

advapi32

CryptDuplicateHash
RegCreateKeyA
RegQueryInfoKeyA
CryptSetProviderW
GetUserNameA
RegQueryValueW
RegQueryMultipleValuesA
CryptGenKey
RegQueryMultipleValuesW
RegCreateKeyW
CryptVerifySignatureW
AbortSystemShutdownW
RegSetValueA

kernel32

VirtualQuery
ExitProcess
HeapDestroy
GetModuleFileNameA
HeapCreate
GetStartupInfoW
InitializeCriticalSection
EnumSystemLocalesA
DeleteCriticalSection
TlsSetValue
LoadLibraryA
GetCurrentProcessId
CopyFileExA
CreateDirectoryA
GetProcAddress
GlobalDeleteAtom
WriteFile
GetVersion
GetEnvironmentStrings
GetCurrentProcess
GetTickCount
IsBadWritePtr
GetEnvironmentStringsW
HeapReAlloc
GetThreadLocale
GetCurrentThread
SystemTimeToTzSpecificLocalTime
GetCommandLineW
TlsAlloc
GetCommandLineA
GetCurrentThreadId
SetHandleCount
LeaveCriticalSection
HeapAlloc
GetFileType
MultiByteToWideChar
FreeEnvironmentStringsA
GetStdHandle
VirtualAlloc
InterlockedExchange
HeapFree
TerminateProcess
VirtualFree
UnhandledExceptionFilter
GetStartupInfoA
GetSystemTimeAsFileTime
SetLastError
EnterCriticalSection
TlsFree
QueryPerformanceCounter
GetLastError
FreeEnvironmentStringsW
GetModuleHandleA
RtlUnwind
TlsGetValue
FileTimeToSystemTime
GetModuleFileNameW
EnumDateFormatsExW
GetPrivateProfileSectionNamesA

Sections

.text
Size: 129KB - Virtual size: 128KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 3KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 277KB - Virtual size: 276KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

b5768d1e1cd9e92806483bc094b23c82

Headers

File Characteristics

Imports

advapi32

kernel32

Sections

.text Size: 129KB - Virtual size: 128KB

.rdata Size: 3KB - Virtual size: 9KB

.data Size: 277KB - Virtual size: 276KB

.rsrc Size: 5KB - Virtual size: 5KB

.text
Size: 129KB - Virtual size: 128KB

.rdata
Size: 3KB - Virtual size: 9KB

.data
Size: 277KB - Virtual size: 276KB

.rsrc
Size: 5KB - Virtual size: 5KB