4d7c0701718401a7e7b0ebf76dbac61b_JaffaCakes118

General

Target

4d7c0701718401a7e7b0ebf76dbac61b_JaffaCakes118
Size

401KB
MD5

4d7c0701718401a7e7b0ebf76dbac61b
SHA1

bf20b9c2384725d81033b61f90a2f1fcee876cbb
SHA256

17cb2febe2410f508d762c39bf8292d7224416b39feb3ba12b27e35777897c9d
SHA512

29e952e4be3d31ce9274a75fd246b9a36ca2f79914ce03b351ad3146bafc985d4008e5fad1c86bef2ecafb544c1ff118c3e09efa18ded3e3520655c3d443188a
SSDEEP

12288:RIemTJOAGP6SUDyD6u0TtubYlu4ovEdxKh/C7G:RSbrDyDmLtoMe/Y

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
4d7c0701718401a7e7b0ebf76dbac61b_JaffaCakes118

Files

4d7c0701718401a7e7b0ebf76dbac61b_JaffaCakes118
.exe windows:5 windows x86 arch:x86

31def87935b30773333ada5ffc198ab2

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

msvcrt

_findfirsti64
_pipe
_wtoi64
_seh_longjmp_unwind
_wrename
wcsstr
vfprintf
_wsearchenv
_wctime
_adj_fdivr_m16i

kernel32

SetConsoleCursorMode
GlobalDeleteAtom
QueryPerformanceCounter
GetCommandLineA
SetVDMCurrentDirectories
GetModuleHandleA
GetFileTime
PurgeComm
GetSystemWindowsDirectoryA
MoveFileA
WriteConsoleOutputCharacterW
VirtualProtect
GetVolumeInformationW
EnumDateFormatsExW
GetStartupInfoA
IsBadStringPtrA
ValidateLocale

advapi32

SetTokenInformation
QueryWindows31FilesMigration
I_ScSetServiceBitsW
SystemFunction002
ElfBackupEventLogFileW
EnumServicesStatusW
LsaCreateSecret
RegEnumValueA
GetFileSecurityW

user32

GetKeyState
InflateRect
IsDlgButtonChecked
GetMenuState
DestroyIcon
GetKeyboardLayout
GetAltTabInfo
PrivateExtractIconExW

gdi32

BRUSHOBJ_pvAllocRbrush
Polyline
WidenPath
SetWindowExtEx
EngAlphaBlend

Sections

.text
Size: 396KB - Virtual size: 396KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 569KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 772B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

31def87935b30773333ada5ffc198ab2

Headers

DLL Characteristics

File Characteristics

Imports

msvcrt

kernel32

advapi32

user32

gdi32

Sections

.text Size: 396KB - Virtual size: 396KB

.data Size: 2KB - Virtual size: 569KB

.rsrc Size: 1024B - Virtual size: 772B

.text
Size: 396KB - Virtual size: 396KB

.data
Size: 2KB - Virtual size: 569KB

.rsrc
Size: 1024B - Virtual size: 772B