4079c5a8163e0b3f29ea07e67b9eca30_JaffaCakes118

General

Target

4079c5a8163e0b3f29ea07e67b9eca30_JaffaCakes118
Size

436KB
MD5

4079c5a8163e0b3f29ea07e67b9eca30
SHA1

4e0d34d7f9b03cff8abe01a1564662e6531b340c
SHA256

77a9f68aeef4bc4b5368ef5c6f7bf7f64aa0a1ef15480746a2de18e6a9ed8253
SHA512

5561272e611582db07d498e0c2ef254973ec791d7104042b4d0729ae03ed8afcb24b2bf81be8dfb267d75c328ea39c135cbd7e9c8a553eace9f15b748b1c9f2e
SSDEEP

12288:LRS7nv5YOljRNWz426sg631HxnHFPVv+sOjfvsXX/0:LA7tBRgyCRPdSfvsn/

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
4079c5a8163e0b3f29ea07e67b9eca30_JaffaCakes118

Files

4079c5a8163e0b3f29ea07e67b9eca30_JaffaCakes118
.exe windows:4 windows x86 arch:x86

46afa96ff6798b006e27ee5debe30178

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetCurrentProcessId
VirtualQuery
SetSystemTime
GlobalFindAtomW
RtlUnwind
GetPrivateProfileStructW
GlobalLock
GetCurrentProcess
GetProcAddress
VirtualAlloc
GetCurrentThreadId
UnlockFileEx
HeapReAlloc
HeapAlloc
SetThreadAffinityMask
GetProfileIntW
HeapFree
InterlockedExchange
GetModuleFileNameA
TerminateProcess
GetModuleHandleA
ExitProcess
SetConsoleActiveScreenBuffer
LocalAlloc
GetProcessShutdownParameters
LoadLibraryA
GetTickCount
GetSystemTimeAsFileTime
SetLocaleInfoA
FindResourceExA
GetPrivateProfileSectionA
QueryPerformanceCounter
GetThreadPriority
FreeLibrary

user32

GetSystemMetrics
GetDlgItem
ChangeDisplaySettingsExA
GetClassNameA
UnpackDDElParam
CreateMDIWindowW
RealChildWindowFromPoint
ToUnicode

shell32

SHGetPathFromIDListW
SHAppBarMessage
DragQueryFile
ShellAboutW
InternalExtractIconListA
SHQueryRecycleBinA
SheChangeDirExW
RealShellExecuteA
ExtractIconExW
SHGetInstanceExplorer
SHChangeNotify
SHGetNewLinkInfo
InternalExtractIconListW
DragQueryPoint
CommandLineToArgvW
FreeIconList
DragQueryFileA
SHGetFileInfo

Sections

.text
Size: 158KB - Virtual size: 157KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 266KB - Virtual size: 265KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 11KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

46afa96ff6798b006e27ee5debe30178

Headers

File Characteristics

Imports

kernel32

user32

shell32

Sections

.text Size: 158KB - Virtual size: 157KB

.data Size: 266KB - Virtual size: 265KB

.rsrc Size: 11KB - Virtual size: 10KB

.text
Size: 158KB - Virtual size: 157KB

.data
Size: 266KB - Virtual size: 265KB

.rsrc
Size: 11KB - Virtual size: 10KB