613578a1c7b5a781eaa7aace67895b1f_JaffaCakes118

General

Target

613578a1c7b5a781eaa7aace67895b1f_JaffaCakes118
Size

107KB
MD5

613578a1c7b5a781eaa7aace67895b1f
SHA1

60b1d32cb63040f6a20b1af349db5a79bbe6e6ec
SHA256

1865899c0d21404b17514e25151acea9fd22aceafd4e28c2cf59c0f817d22ef5
SHA512

74976ef7a68b31827d148126be5f32aabb1068a2e211d07921131abf91210363f2948c9d0a4935e697b5051cb40b0fb549b14e0e95a224a0773281d88df3f3b2
SSDEEP

3072:F0nXOYfm1hHVsR1iBaOSa8nZ1C/VxlAqPwEPNWCpmP6Pr1FvIKEdTzuhOChC38uf:uXOem1hHVsR1iBaOSa8nZ1C/VxXPwEPY

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
613578a1c7b5a781eaa7aace67895b1f_JaffaCakes118

Files

613578a1c7b5a781eaa7aace67895b1f_JaffaCakes118
.dll windows:4 windows x86 arch:x86

8738380503f96edb5880105c2f78aee9

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED
IMAGE_FILE_DLL

Imports

kernel32

AddAtomA
CloseHandle
CreatePipe
CreateProcessA
CreateSemaphoreA
CreateThread
FindAtomA
GetAtomNameA
GetExitCodeProcess
GetLastError
InterlockedDecrement
InterlockedIncrement
ReadFile
ReleaseSemaphore
SetLastError
Sleep
TlsAlloc
TlsFree
TlsGetValue
TlsSetValue
WaitForSingleObject

msvcrt

__dllonexit
_assert
_errno
_iob
abort
fflush
fprintf
free
malloc
memchr
memcpy
memmove
memset
printf
puts
sprintf
sscanf
strchr
strcmp
strlen
strrchr

Exports

Exports

_ZN10CCmdEngine4gzipEPcS0_S0_
_ZN10CCmdEngine4par2EPcS0_S0_
_ZN10CCmdEngine5unrarEPcS0_S0_

Sections

.text
Size: 46KB - Virtual size: 46KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 80B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.bss
Size: - Virtual size: 16KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.edata
Size: 512B - Virtual size: 175B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.idata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

8738380503f96edb5880105c2f78aee9

Headers

File Characteristics

Imports

kernel32

msvcrt

Exports

Exports

Sections

.text Size: 46KB - Virtual size: 46KB

.data Size: 512B - Virtual size: 80B

.rdata Size: 2KB - Virtual size: 2KB

.bss Size: - Virtual size: 16KB

.edata Size: 512B - Virtual size: 175B

.idata Size: 1KB - Virtual size: 1KB

.reloc Size: 2KB - Virtual size: 1KB

.text
Size: 46KB - Virtual size: 46KB

.data
Size: 512B - Virtual size: 80B

.rdata
Size: 2KB - Virtual size: 2KB

.bss
Size: - Virtual size: 16KB

.edata
Size: 512B - Virtual size: 175B

.idata
Size: 1KB - Virtual size: 1KB

.reloc
Size: 2KB - Virtual size: 1KB