5c637ff17e6c70e6c4ef12b0e22d3335_JaffaCakes118

General

Target

5c637ff17e6c70e6c4ef12b0e22d3335_JaffaCakes118
Size

407KB
MD5

5c637ff17e6c70e6c4ef12b0e22d3335
SHA1

0ecddfdc413c94c6280fd39bf1014edc417d51b4
SHA256

26710153b7f29c7e7d609dbc7e42f07dd0740e5bdaf64294c9559ecdaec4eb6d
SHA512

5b468152baa1b9696c64b08934ff71d73139c69490acf274e112337e83fa1066eb225d5a7be3c70a83094dce6351de9c6500f323ee8f19b09aae5390208544c8
SSDEEP

3072:4HdmD8SNOUUB25PZOnshXXt7n0QdcIfiRuesn8GY8TNfMxCWAzfcARARMEYDEZwQ:IbmXhwuXXtYQeI6un8+TylyU1bu0+TQ

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
5c637ff17e6c70e6c4ef12b0e22d3335_JaffaCakes118

Files

5c637ff17e6c70e6c4ef12b0e22d3335_JaffaCakes118
.exe windows:4 windows x86 arch:x86

bf7521fc5ec800a70c92c79a762d3f5a

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

fhGAFgf526.pdb

Imports

kernel32

InterlockedDecrement
UnregisterWait
RegisterWaitForSingleObjectEx
WideCharToMultiByte
LeaveCriticalSection
CreateFileW
EnterCriticalSection
InitializeCriticalSection
OpenEventW
UnmapViewOfFile
MapViewOfFileEx
OpenFileMappingW
GetSystemInfo
GetLocalTime
WaitForSingleObject
GetCurrentThread
CompareStringA
CreateEventA
GetModuleHandleW
GetModuleFileNameW
lstrcpyW
FormatMessageW
IsDebuggerPresent
OutputDebugStringA
DebugBreak
lstrcmpW
LocalFree
CloseHandle
GetSystemTimeAsFileTime
GetStartupInfoA
GetProfileIntA
ReplaceFileW
GetTimeZoneInformation
GetVersionExA
GetLocaleInfoW
CreateFileMappingW
GetLastError

advapi32

OpenThreadToken
FreeSid
CheckTokenMembership
RegisterEventSourceW
ReportEventW
DeregisterEventSource
CryptCreateHash
CryptHashData
RegEnumKeyExW
RegOpenKeyW
OpenSCManagerW
OpenServiceW
QueryServiceConfigW
QueryServiceStatus
CloseServiceHandle
RegQueryValueExW
RevertToSelf
SetThreadToken
LookupAccountSidW

msvcrt

system
fprintf
setlocale
fgetc
fgetpos
vfprintf

secur32

FreeContextBuffer

Sections

.text
Size: 25KB - Virtual size: 24KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 335KB - Virtual size: 718KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 43KB - Virtual size: 42KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

bf7521fc5ec800a70c92c79a762d3f5a

Headers

File Characteristics

PDB Paths

Imports

kernel32

advapi32

msvcrt

secur32

Sections

.text Size: 25KB - Virtual size: 24KB

.data Size: 335KB - Virtual size: 718KB

.idata Size: 3KB - Virtual size: 2KB

.rsrc Size: 43KB - Virtual size: 42KB

.text
Size: 25KB - Virtual size: 24KB

.data
Size: 335KB - Virtual size: 718KB

.idata
Size: 3KB - Virtual size: 2KB

.rsrc
Size: 43KB - Virtual size: 42KB