41eadf914d13003f70bdde89d5317a14_JaffaCakes118

General

Target

41eadf914d13003f70bdde89d5317a14_JaffaCakes118
Size

148KB
MD5

41eadf914d13003f70bdde89d5317a14
SHA1

71bf85a5fcdd14d213db598bdabc90dc2b577f7d
SHA256

c2efa6bd4cde7273955f7a183bbf1dcddfbc6d84bcfde1451c27e5e328a2f668
SHA512

0a9434c20250a901e1259d2027788d5872f9442c8bfece550dccf823f2128d30b7fc72aa3dda130a7042150b5945d887abb7a794d29cc87ec4d7200d2d0340ae
SSDEEP

3072:Gawyx43gfJ61TWihQvalAG+eGJjcAc2wp:4yePToTGSjcAcVp

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
41eadf914d13003f70bdde89d5317a14_JaffaCakes118

Files

41eadf914d13003f70bdde89d5317a14_JaffaCakes118
.exe windows:4 windows x86 arch:x86

be2f5dbae2117e952f07d261ee8885f7

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

PDB Paths

D:\uvacod\Sato\Jekol\oba\ypivy\ujez.pdb

Imports

kernel32

MoveFileExW
GetCurrentProcessId
GetFileTime
FindCloseChangeNotification
FindNextChangeNotification
FindFirstChangeNotificationW
GetCurrentProcess
LoadLibraryW
GetProfileStringW
lstrlenW
GetACP
GetStringTypeW
GetStringTypeA
GetCPInfo
GetLocaleInfoA
GetSystemInfo
VirtualProtect
LCMapStringW
WideCharToMultiByte
ExitProcess
GetProcAddress
GetModuleHandleA
TerminateProcess
HeapFree
HeapReAlloc
HeapAlloc
GetStartupInfoW
GetVersionExA
GetLastError
CloseHandle
HeapDestroy
HeapCreate
VirtualFree
VirtualAlloc
IsBadWritePtr
WriteFile
GetStdHandle
GetModuleFileNameA
UnhandledExceptionFilter
GetModuleFileNameW
FreeEnvironmentStringsA
MultiByteToWideChar
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineA
GetCommandLineW
SetHandleCount
GetFileType
GetStartupInfoA
HeapSize
SetStdHandle
FlushFileBuffers
CreateFileA
LoadLibraryA
RtlUnwind
InterlockedExchange
VirtualQuery
SetFilePointer
SetEndOfFile
ReadFile
QueryPerformanceCounter
GetTickCount
GetCurrentThreadId
GetSystemTimeAsFileTime
LCMapStringA
GetOEMCP

user32

FillRect
TrackPopupMenu
DrawFrameControl
PostMessageW
SetWindowLongW
IsDialogMessageW
GetActiveWindow
AppendMenuW

Sections

.text
Size: 48KB - Virtual size: 45KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 48KB - Virtual size: 47KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 399KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 44KB - Virtual size: 41KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

be2f5dbae2117e952f07d261ee8885f7

Headers

File Characteristics

PDB Paths

Imports

kernel32

user32

Sections

.text Size: 48KB - Virtual size: 45KB

.rdata Size: 48KB - Virtual size: 47KB

.data Size: 4KB - Virtual size: 399KB

.rsrc Size: 44KB - Virtual size: 41KB

.text
Size: 48KB - Virtual size: 45KB

.rdata
Size: 48KB - Virtual size: 47KB

.data
Size: 4KB - Virtual size: 399KB

.rsrc
Size: 44KB - Virtual size: 41KB