41a71ae2abb3fc12ca5bf7ef5a15320d_JaffaCakes118

General

Target

41a71ae2abb3fc12ca5bf7ef5a15320d_JaffaCakes118
Size

100KB
MD5

41a71ae2abb3fc12ca5bf7ef5a15320d
SHA1

0e0ebf9fa1a3802c981c098ab388c2f7f37b9d19
SHA256

a52cec92926638fa8a01b52bb52e1eacadcf8c87961126559a7edf5fe2183ac7
SHA512

ec12c0aa2997123889ee576854ba3768dcc9e394e505e6a7ded487fdf5ac427d0e037647948325e11aff167479e4953227e7e5d8dfd8bc081c14d3c84d9ad684
SSDEEP

1536:SiHO6LXpZkBX1vDLFJsT+uUbHp5KuRYgEb1N4BkFwaoSBenFTVon2Rbx:pHO6j7aVFJsT+uep5lRk4OFdoSSFTVO4

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
41a71ae2abb3fc12ca5bf7ef5a15320d_JaffaCakes118

Files

41a71ae2abb3fc12ca5bf7ef5a15320d_JaffaCakes118
.exe windows:4 windows x86 arch:x86

814fce58867c2cba4caaa6e045a4c000

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

mspdb60

PDBOpenTpi
PDBQuerySignature
PDBQueryAge
PDBExportValidateInterface
PDBOpen
?fCreate@WidenTi@@SAHAAPAU1@IH@Z
TypesQueryTiMinEx
TypesQueryTiMacEx
TypesQueryPbCVRecordForTiEx
TypesClose
PDBClose

msvcrt

realloc
_chsize
calloc
_close
_stat
_sopen
free
_read
_lseek
_write
malloc
memmove
fprintf
exit
_setmode
_strdup
_except_handler3
_strcmpi
toupper
printf
_makepath
_iob
puts
sprintf
qsort
strncmp
memcmp
fflush
_mbsicmp
_mbsnbcpy
_mbsnbicmp
_exit
_XcptFilter
__p___initenv
__getmainargs
_initterm
__setusermatherr
_adjust_fdiv
__p__commode
__p__fmode
__set_app_type
_controlfp
__p__pgmptr
_splitpath

kernel32

GetModuleHandleA
LoadLibraryA
CreateFileMappingA
MapViewOfFileEx
UnmapViewOfFile
SetFilePointer
SetEndOfFile
CloseHandle
CreateFileA
GetProcAddress
GetFileSize

Sections

.text
Size: 64KB - Virtual size: 63KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 4KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 8KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.kdata
Size: 20KB - Virtual size: 20KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

814fce58867c2cba4caaa6e045a4c000

Headers

File Characteristics

Imports

mspdb60

msvcrt

kernel32

Sections

.text Size: 64KB - Virtual size: 63KB

.data Size: 4KB - Virtual size: 14KB

.rsrc Size: 8KB - Virtual size: 4KB

.kdata Size: 20KB - Virtual size: 20KB

.text
Size: 64KB - Virtual size: 63KB

.data
Size: 4KB - Virtual size: 14KB

.rsrc
Size: 8KB - Virtual size: 4KB

.kdata
Size: 20KB - Virtual size: 20KB