41eb3ed973a0aa11a11e9e0f2c9ed45b_JaffaCakes118

General

Target

41eb3ed973a0aa11a11e9e0f2c9ed45b_JaffaCakes118
Size

128KB
MD5

41eb3ed973a0aa11a11e9e0f2c9ed45b
SHA1

bbb680f553d44a70de3948e7dcbac576a877f858
SHA256

0d3b3202ff2bacbc3902063e4b87e65ecc591bd34ec0607f71880ac4409d0ec8
SHA512

82e5be2c91a6d914b8fa993e41f749e6853ab366233b6cc86cb453bf60b8f74b085ff97a8e71bc54c5b6060f9c9dbada6192bedd61e5da95b33b2967bfef7936
SSDEEP

1536:muLtOlkuTByGylyvKl71H9jxOfficbwKpHOS5+AKgvXHtqzBHhWlGGd/Gh7K2CtB:ikuIlyvKl7zoNBCivX2BB59CtB

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
41eb3ed973a0aa11a11e9e0f2c9ed45b_JaffaCakes118

Files

41eb3ed973a0aa11a11e9e0f2c9ed45b_JaffaCakes118
.exe windows:4 windows x86 arch:x86

c812ba7d45e8b80b24855f8c9ed05769

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

PDB Paths

c:\temp\laks\tot\src\tools\install\app\sysinfo\Release\SysInfo.pdb

Imports

kernel32

InterlockedDecrement
LCMapStringW
LCMapStringA
GetSystemInfo
VirtualProtect
GetLocaleInfoA
GetCPInfo
GetOEMCP
GetACP
LoadLibraryA
GetLastError
MultiByteToWideChar
lstrlenA
WideCharToMultiByte
LocalFree
RtlUnwind
ExitProcess
GetModuleHandleA
GetStartupInfoA
GetCommandLineA
GetVersionExA
HeapAlloc
RaiseException
HeapFree
GetProcAddress
TerminateProcess
GetCurrentProcess
QueryPerformanceCounter
GetTickCount
GetCurrentThreadId
GetCurrentProcessId
GetSystemTimeAsFileTime
GetModuleFileNameA
WriteFile
GetStdHandle
UnhandledExceptionFilter
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
SetHandleCount
GetFileType
HeapDestroy
HeapCreate
VirtualFree
VirtualAlloc
HeapReAlloc
IsBadWritePtr
HeapSize
SetUnhandledExceptionFilter
InterlockedExchange
VirtualQuery
IsBadReadPtr
IsBadCodePtr
GetStringTypeA
GetStringTypeW

advapi32

RegCreateKeyExA
RegSetValueExA

ole32

CoUninitialize
CoInitializeEx
CoCreateInstance
CoSetProxyBlanket

oleaut32

VariantInit
VariantClear
SysFreeString
SysAllocString

Sections

.text
Size: 32KB - Virtual size: 29KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 8KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 84KB - Virtual size: 84KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

c812ba7d45e8b80b24855f8c9ed05769

Headers

File Characteristics

PDB Paths

Imports

kernel32

advapi32

ole32

oleaut32

Sections

.text Size: 32KB - Virtual size: 29KB

.rdata Size: 8KB - Virtual size: 6KB

.data Size: 84KB - Virtual size: 84KB

.text
Size: 32KB - Virtual size: 29KB

.rdata
Size: 8KB - Virtual size: 6KB

.data
Size: 84KB - Virtual size: 84KB