5c61b7f113068e7cc9c9c6d1746ba3f5_JaffaCakes118

General

Target

5c61b7f113068e7cc9c9c6d1746ba3f5_JaffaCakes118
Size

138KB
MD5

5c61b7f113068e7cc9c9c6d1746ba3f5
SHA1

82a6c9ab78d82395427ff7f13cb01257308a1b42
SHA256

4d3bcb331915c89bbf8e0ca91a7f2d5befed1317b9cec818bc1812ab42fd7472
SHA512

bfe6ec35f6df7e445f240d2cbc27eb637109133c92d60396ff2fee1cb83ff1f1ab76bab3a5ada039c12d343972850d61ce69d1a1223ca73ded09e97ce48ad1d7
SSDEEP

1536:NykgLplBS4BH73S7TcbJxbyC3iF440qEJ9tpz58Xh5DL:N1gLXBH72TcbPuSaL0l7tN5Wh5

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
5c61b7f113068e7cc9c9c6d1746ba3f5_JaffaCakes118

Files

5c61b7f113068e7cc9c9c6d1746ba3f5_JaffaCakes118
.exe windows:5 windows x86 arch:x86

8b9a7917db4bb9fa57eceec8784e7672

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetCurrentThreadId
GetCommandLineW
GetProcAddress
GetModuleHandleA
QueryPerformanceCounter
CompareStringW
GetCurrentProcessId
GetSystemTimeAsFileTime
TerminateProcess
GetCurrentProcess
SetUnhandledExceptionFilter
Sleep
SetEvent
CreateEventW
CreateThread
InterlockedDecrement
InterlockedIncrement
DeleteCriticalSection
InitializeCriticalSection
WaitForSingleObject
GetTickCount
CloseHandle
InterlockedExchange
RtlUnwind
HeapReAlloc
VirtualAlloc
VirtualQuery
LoadLibraryA
VirtualFree
HeapCreate
HeapDestroy
GetStartupInfoA
GetFileType
SetHandleCount
HeapFree
GetVersionExA
HeapAlloc
GetProcessHeap
GetStartupInfoW
ExitProcess
WriteFile
GetStdHandle
GetModuleFileNameA
UnhandledExceptionFilter
GetModuleFileNameW
FreeEnvironmentStringsA
MultiByteToWideChar
GetEnvironmentStrings
FreeEnvironmentStringsW
GetLastError
GetEnvironmentStringsW
GetCommandLineA

atl

ord11
ord32
ord20
ord17
ord23
ord57
ord18
ord21
ord16
ord10

user32

CharNextW
DispatchMessageW
GetMessageW
PostThreadMessageW

ole32

CoInitializeSecurity
CoInitializeEx
CoUninitialize
CoResumeClassObjects
CoSuspendClassObjects

Sections

.text
Size: 14KB - Virtual size: 14KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 112KB - Virtual size: 114KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 10KB - Virtual size: 12KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

8b9a7917db4bb9fa57eceec8784e7672

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

atl

user32

ole32

Sections

.text Size: 14KB - Virtual size: 14KB

.data Size: 112KB - Virtual size: 114KB

.rsrc Size: 10KB - Virtual size: 12KB

.text
Size: 14KB - Virtual size: 14KB

.data
Size: 112KB - Virtual size: 114KB

.rsrc
Size: 10KB - Virtual size: 12KB