40b3e58adf13249f6b7d54232b2b59b4_JaffaCakes118

General

Target

40b3e58adf13249f6b7d54232b2b59b4_JaffaCakes118
Size

273KB
MD5

40b3e58adf13249f6b7d54232b2b59b4
SHA1

e2826156b46cbb7731d059f7e3978cd34e48ab3e
SHA256

128120842620514fdbfc16c090f15582ea59d646b7b1e2d2b79f98a552c36ecc
SHA512

eb34d57d1a8e9a7dea2397a0f3a33c791a4b27a74a590d3a6422bc9f15d8aaecf970c2667a906a2a2dfe3c1be6dd0206aab6f0921df5464bfc649f4481cccf76
SSDEEP

6144:Gz7NVebibQ0PFWuL18GRj38X2kb0PaahMKH2th9:U7NVebibQGWuL18Gp3Vkb0pMKA

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
40b3e58adf13249f6b7d54232b2b59b4_JaffaCakes118

Files

40b3e58adf13249f6b7d54232b2b59b4_JaffaCakes118
.exe windows:4 windows x86 arch:x86

1e1271833345734a9b059d045e95a53b

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetUserDefaultLCID
InterlockedIncrement
IsBadWritePtr
SetStdHandle
GetProcAddress
IsValidCodePage
HeapReAlloc
TlsFree
GetACP
GetTimeFormatA
GetCurrentProcessId
TlsSetValue
DeleteCriticalSection
GetLocaleInfoA
UnhandledExceptionFilter
GetModuleHandleA
IsValidLocale
GetLogicalDriveStringsW
VirtualFree
OutputDebugStringA
GetOEMCP
WideCharToMultiByte
GetCommandLineA
HeapDestroy
LCMapStringW
DebugBreak
GetStringTypeW
CompareStringA
GetStdHandle
ExitProcess
GetTickCount
CloseHandle
TlsGetValue
HeapFree
GetEnvironmentStrings
GetModuleFileNameA
GetVersionExA
LoadLibraryA
QueryPerformanceCounter
GetDateFormatA
VirtualAlloc
SetHandleCount
GetCPInfo
WriteFile
GetCurrentProcess
TerminateProcess
GetCurrentThreadId
RtlUnwind
GetEnvironmentStringsW
GetLocaleInfoW
GetStartupInfoW
SetEnvironmentVariableA
VirtualProtect
IsBadReadPtr
GetCommandLineW
GetSystemTimeAsFileTime
GetFileType
FlushFileBuffers
FillConsoleOutputAttribute
GetLastError
GetModuleFileNameW
EnumSystemLocalesA
SetLastError
LeaveCriticalSection
HeapCreate
EnterCriticalSection
GetStartupInfoA
SetFilePointer
CompareStringW
InterlockedDecrement
TlsAlloc
GetStringTypeA
GetProcessHeaps
InterlockedExchange
GetTimeZoneInformation
GetSystemInfo
GetCurrentThread
MultiByteToWideChar
FreeEnvironmentStringsW
FreeEnvironmentStringsA
LCMapStringA
InitializeCriticalSection
HeapAlloc
SetConsoleCtrlHandler
GlobalGetAtomNameA
MapViewOfFileEx
HeapValidate
VirtualQuery

shell32

SheSetCurDrive
ShellAboutW
SHFreeNameMappings
SHGetSpecialFolderLocation
DragQueryPoint

Sections

.text
Size: 144KB - Virtual size: 144KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 118KB - Virtual size: 139KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 9KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

1e1271833345734a9b059d045e95a53b

Headers

File Characteristics

Imports

kernel32

shell32

Sections

.text Size: 144KB - Virtual size: 144KB

.data Size: 118KB - Virtual size: 139KB

.rsrc Size: 9KB - Virtual size: 9KB

.text
Size: 144KB - Virtual size: 144KB

.data
Size: 118KB - Virtual size: 139KB

.rsrc
Size: 9KB - Virtual size: 9KB