4b0ce0012cf88a77338ed22733edaf8a_JaffaCakes118

General

Target

4b0ce0012cf88a77338ed22733edaf8a_JaffaCakes118
Size

220KB
MD5

4b0ce0012cf88a77338ed22733edaf8a
SHA1

f602ce9678a75e0ee117cd9afc090207c6751d8c
SHA256

f2ca07cbc92ff70a2e152fa9c0bb470a058a634b6984f7dc3e92f1b021f835b8
SHA512

fe1ad1406d8ec636f022f8832151c19fcc6cddb34bec58a399b044a17f763aa0ccaedc502d1307527f0e8c583ce38a512a72f5f01e3dfa9c08da9aa8c6bff27b
SSDEEP

3072:ZaV21jrsOGevRKdyt2DzZqCb0sJBgaH9TrlHk/mz9e9QFjWEdbneFC+sDBXC8W7R:ZaV21jAOGDdyt2DbTbHw9QNWERF/BhW

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
4b0ce0012cf88a77338ed22733edaf8a_JaffaCakes118

Files

4b0ce0012cf88a77338ed22733edaf8a_JaffaCakes118
.exe windows:5 windows x86 arch:x86

3cbddc09b061e0eb69bb6e25bf5c36c9

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

CreateMutexA
GetModuleHandleA
GetVolumeInformationA
GetSystemWindowsDirectoryA
GetCurrentThread
GetCurrentProcess
InterlockedIncrement
CompareFileTime
GetCurrentThreadId
CreateEventA
IsValidCodePage
QueryPerformanceCounter
GetStartupInfoW
GetVersionExA
GetSystemTime
GetModuleFileNameW
GetLocalTime
GetTickCount
GetProcAddress
GetModuleHandleW
GetCommandLineA
GetCurrentProcessId
InterlockedDecrement
TlsAlloc
GetModuleFileNameA
GetStdHandle
GetCurrentDirectoryA
GetStartupInfoA

advapi32

RegOpenKeyExA
GetUserNameW
RegQueryValueExA
RegCloseKey

user32

CharUpperW

shlwapi

PathCommonPrefixW
PathStripToRootA

msvcrt

_onexit
__dllonexit
_controlfp
wcsstr
memcpy
memset
_exit
_XcptFilter
exit
_acmdln
__getmainargs
_initterm
__setusermatherr
_adjust_fdiv
__p__commode
__p__fmode
__set_app_type
_except_handler3

Sections

.text
Size: 214KB - Virtual size: 214KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 180KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 672B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

3cbddc09b061e0eb69bb6e25bf5c36c9

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

advapi32

user32

shlwapi

msvcrt

Sections

.text Size: 214KB - Virtual size: 214KB

.rdata Size: 3KB - Virtual size: 2KB

.data Size: 512B - Virtual size: 180KB

.rsrc Size: 1024B - Virtual size: 672B

.text
Size: 214KB - Virtual size: 214KB

.rdata
Size: 3KB - Virtual size: 2KB

.data
Size: 512B - Virtual size: 180KB

.rsrc
Size: 1024B - Virtual size: 672B