48968661b89eb4ba6716be78de925b84_JaffaCakes118

General

Target

48968661b89eb4ba6716be78de925b84_JaffaCakes118
Size

44KB
MD5

48968661b89eb4ba6716be78de925b84
SHA1

8d3ea726eff6427c3efaf76d4c93e20144c7d774
SHA256

57b0b486e26610c50b0f223af93fbd4936a35b620a27a371beb7f221b95b63c5
SHA512

9f09661e429019d29666affe56538bc5211b08989abbc470f4aa0e149da0ff54e93f8930048b0762ede255f0c3a87f50c10f982f397ae510af076483578f90d4
SSDEEP

768:/RnAkXsukGvwftrzDWQcrYSwNYB9W95Tu8zkFCbvw5q/89qJm1kq:5nAkXuGvwp8Y/Y/w1/wFCN8951b

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
48968661b89eb4ba6716be78de925b84_JaffaCakes118

Files

48968661b89eb4ba6716be78de925b84_JaffaCakes118
.exe windows:5 windows x86 arch:x86

4cc9be9f40f36c9ff5ebb12b1d5041f9

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

CloseHandle
SearchPathA
CreateFileW
GetTempPathA
GetTempFileNameW
OpenThread
VirtualQuery
SearchPathW
GetThreadContext
FormatMessageA
GetDiskFreeSpaceW
GetStartupInfoA
TermsrvAppInstallMode
ReleaseSemaphore
SetConsoleWindowInfo
CompareFileTime
FreeLibrary
SetInformationJobObject
CreateFileMappingA
SetFilePointer
ExitProcess
GetProcAddress
LCMapStringW
ReadFile
MapViewOfFile
GetShortPathNameW
SetVolumeLabelA
GetLongPathNameW
InterlockedExchange
GetTempPathW
HeapReAlloc
CreateProcessA
GetLogicalDriveStringsA
GetProcessHeap
HeapAlloc
FreeEnvironmentStringsW
CreateTimerQueue
LCMapStringA
GetFileSize
LocalFree
RaiseException
GetStringTypeW
GetStringTypeA
HeapFree
GetThreadLocale
GetCommandLineA
CreateFileA
DeviceIoControl
GlobalMemoryStatusEx
SetLastError
WriteFile

version

GetFileVersionInfoA
GetFileVersionInfoSizeA
VerQueryValueA

advapi32

RegQueryValueExA
RegSetValueExA
RegCloseKey
RegCreateKeyExA
RegOpenKeyExA
RegDeleteValueA
RegDeleteKeyA
RegEnumKeyA
RegEnumValueA

shell32

SHBrowseForFolderA
SHGetPathFromIDListA
ShellExecuteA
SHGetSpecialFolderLocation
SHGetFileInfoA
SHFileOperationA
SHGetMalloc

ole32

CoQueryClientBlanket
CreateDataAdviseHolder
OleBuildVersion
CoLockObjectExternal

Sections

.text
Size: 7KB - Virtual size: 6KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 120KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.dudf
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ

.edata
Size: 138KB - Virtual size: 267KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

4cc9be9f40f36c9ff5ebb12b1d5041f9

Headers

File Characteristics

Imports

kernel32

version

advapi32

shell32

ole32

Sections

.text Size: 7KB - Virtual size: 6KB

.data Size: 8KB - Virtual size: 120KB

.dudf Size: 3KB - Virtual size: 3KB

.edata Size: 138KB - Virtual size: 267KB

.text
Size: 7KB - Virtual size: 6KB

.data
Size: 8KB - Virtual size: 120KB

.dudf
Size: 3KB - Virtual size: 3KB

.edata
Size: 138KB - Virtual size: 267KB