4a6487ee890144eab506ec20a542f3d8_JaffaCakes118

General

Target

4a6487ee890144eab506ec20a542f3d8_JaffaCakes118
Size

312KB
MD5

4a6487ee890144eab506ec20a542f3d8
SHA1

4300ce25e164d3af12958dce1b1b5b5fa22d3413
SHA256

66271efa64c3b9a864f6a3aaeb2602387f6c615f911741b6262142caacd7b7d2
SHA512

6c92545597fe95a00083d8ef9e71dca4f55282eaa836e8de6555d73ed7239c37e917ace860e9a668f6a42b85d7a70776889de6be4b5bf95eb7485caeee1c6987
SSDEEP

6144:6+dEykNjUS709g99YJ54K01bYVUCC3VwPhT0HGHMUs7:6+di0i4JuJ1sVUtwV0HGG

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
4a6487ee890144eab506ec20a542f3d8_JaffaCakes118

Files

4a6487ee890144eab506ec20a542f3d8_JaffaCakes118
.exe windows:4 windows x86 arch:x86

0dbbdf1c39460800975445e84854181c

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

advapi32

QueryServiceConfigA
LsaAddAccountRights

gdi32

ModifyWorldTransform
GdiArtificialDecrementDriver

kernel32

DisableThreadLibraryCalls
GetCurrentProcess
GetVersionExW
InterlockedCompareExchange
InterlockedExchange
Sleep
TerminateProcess
LoadResource
FindResourceA
ExitProcess
VirtualAlloc
VirtualProtect
GetLocaleInfoA
GetStringTypeW
GetStringTypeA
LCMapStringW
MultiByteToWideChar
LCMapStringA
GetSystemTimeAsFileTime
GetModuleHandleA
GetStartupInfoA
GetCommandLineA
GetVersionExA
GetProcAddress
WriteFile
GetStdHandle
GetModuleFileNameA
UnhandledExceptionFilter
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
WideCharToMultiByte
GetLastError
GetEnvironmentStringsW
SetHandleCount
GetFileType
HeapDestroy
HeapCreate
VirtualFree
HeapFree
LoadLibraryA
GetACP
GetOEMCP
GetCPInfo
HeapAlloc
HeapReAlloc
RtlUnwind
VirtualQuery
HeapSize
QueryPerformanceCounter
GetTickCount
GetCurrentThreadId
GetCurrentProcessId
GetSystemInfo

ole32

CoGetObject

rpcrt4

NdrUserMarshalUnmarshall
UuidCreateNil
RpcProtseqVectorFreeA

user32

GetClipboardOwner

Sections

.text
Size: 20KB - Virtual size: 17KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 284KB - Virtual size: 281KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

0dbbdf1c39460800975445e84854181c

Headers

File Characteristics

Imports

advapi32

gdi32

kernel32

ole32

rpcrt4

user32

Sections

.text Size: 20KB - Virtual size: 17KB

.rdata Size: 284KB - Virtual size: 281KB

.data Size: 4KB - Virtual size: 2KB

.text
Size: 20KB - Virtual size: 17KB

.rdata
Size: 284KB - Virtual size: 281KB

.data
Size: 4KB - Virtual size: 2KB