4cf8ec30eb66854fe1937b43b26bc3f4_JaffaCakes118

General

Target

4cf8ec30eb66854fe1937b43b26bc3f4_JaffaCakes118
Size

83KB
MD5

4cf8ec30eb66854fe1937b43b26bc3f4
SHA1

78f65e34d74194a62ae02ce9a19b5304cf009198
SHA256

78cad63b3a096de3608d4a9cfb4e31ff032655a680c131577ffd4ad8d08b8d5a
SHA512

e5f65f096f7e5732a123800857136702831e1bb3239eaac10ea2c755e8a16f8741b2c9a97158e2d84b4e9c0c8ba5b246fd6c701dc317d1e90201e6d07c71dfb2
SSDEEP

1536:aAvRY8UroFwrPv9BnRp4GncxCSbyjpyWkMK5f0oau8h9ESkz+oxngji:/ZY5rogcGIbJdMcKkg

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
4cf8ec30eb66854fe1937b43b26bc3f4_JaffaCakes118

Files

4cf8ec30eb66854fe1937b43b26bc3f4_JaffaCakes118
.exe windows:5 windows x86 arch:x86

7edd6e76ed82bc207b9391899e91a571

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

FindResourceW
UnregisterWait
RegisterWaitForSingleObject
GetShortPathNameA
GetModuleHandleW
DeleteFiber
GetVolumePathNameA
ExitProcess
FindResourceA
GetEnvironmentStrings
ExitProcess
VirtualProtect
SetEnvironmentVariableA
VirtualAlloc
GetModuleHandleA
GetVolumePathNameW
RaiseException
FreeEnvironmentStringsW
VirtualFree
CreateSemaphoreW
GetFileSize
Sleep
GetLocalTime
GetFileTime
LoadLibraryA
AddAtomA
GetNumberFormatA
GetVersionExA

msvcrt

is_wctype
__iscsym
strcpy
_atoi64
_environ
??1bad_cast@@UAE@XZ
rename
__crtCompareStringA
_cgets
_mktime64
_ismbbtrail
_winminor
getenv
gmtime
_CIlog
memcpy
abs
_cwait

comdlg32

PrintDlgA
GetOpenFileNameW
ChooseColorW
GetSaveFileNameW
PageSetupDlgW
FindTextW
GetOpenFileNameA
FindTextA
CommDlgExtendedError
PrintDlgExW
GetSaveFileNameA
PageSetupDlgA
PrintDlgW
ChooseFontA
PrintDlgExA
CommDlgExtendedError
GetFileTitleA

winmm

mciGetDeviceIDA
timeGetSystemTime
mciDriverNotify
mmioWrite
mciGetYieldProc
midiInReset
mixerGetLineInfoA
midiInStop
mmioRead

Sections

.text
Size: 13KB - Virtual size: 13KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 11KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 19KB - Virtual size: 18KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 38KB - Virtual size: 38KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 64B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

7edd6e76ed82bc207b9391899e91a571

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

msvcrt

comdlg32

winmm

Sections

.text Size: 13KB - Virtual size: 13KB

.rdata Size: 11KB - Virtual size: 10KB

.data Size: 19KB - Virtual size: 18KB

.rsrc Size: 38KB - Virtual size: 38KB

.reloc Size: 512B - Virtual size: 64B

.text
Size: 13KB - Virtual size: 13KB

.rdata
Size: 11KB - Virtual size: 10KB

.data
Size: 19KB - Virtual size: 18KB

.rsrc
Size: 38KB - Virtual size: 38KB

.reloc
Size: 512B - Virtual size: 64B