65528571d8b42d34a6ca5f326eddda71_JaffaCakes118

General

Target

65528571d8b42d34a6ca5f326eddda71_JaffaCakes118
Size

101KB
MD5

65528571d8b42d34a6ca5f326eddda71
SHA1

701e09c72a9a3ac23a866b9cd9b867f2915e55f4
SHA256

f57f02a87275b4541a561b4c9bc324b5fe89abc0aea389cbbe417b92b1925375
SHA512

51c414b2d0623b6c1ef045562526eeed59b3a46aad6f8f0fde7429d69425fb5f7d0198a14c3941bb3be46567b6ad186f1f5a1a30dc783358c6173a7e79c32fed
SSDEEP

3072:O+TbkGGJdj+RyPq26mPyvM4W9KOJBuQLv9EN:O6Nod+RyPq26mPV4sf3v9s

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
65528571d8b42d34a6ca5f326eddda71_JaffaCakes118

Files

65528571d8b42d34a6ca5f326eddda71_JaffaCakes118
.exe windows:6 windows x86 arch:x86

971de64f4b0c963c72c16767d256f21a

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

mpatch.pdb

Imports

kernel32

CloseHandle
GetLastError
GetFileSize
CreateFileA
ReleaseMutex
GetEnvironmentVariableA
SetThreadAffinityMask
GetCurrentThread
WaitForMultipleObjects
CreateMutexA
GetProcessAffinityMask
GetCurrentProcess
DeleteFileA
GetTempPathA
GetFullPathNameA
SetThreadPriority
GetProcAddress
GetModuleFileNameA
LoadLibraryA
SetErrorMode
HeapAlloc
HeapFree
GetProcessHeap
VirtualAlloc
SetFilePointer
SetEndOfFile
CreateFileMappingA
MapViewOfFile
SetFileTime
GetFileTime
UnmapViewOfFile
EnterCriticalSection
LeaveCriticalSection
SetLastError
FreeLibrary
InitializeCriticalSection
RaiseException
UnhandledExceptionFilter
TerminateProcess
GetSystemTimeAsFileTime
GetCurrentProcessId
GetCurrentThreadId
GetTickCount
QueryPerformanceCounter
GetModuleHandleA
SetUnhandledExceptionFilter
RtlUnwind
InterlockedCompareExchange
Sleep
InterlockedExchange
VirtualFree

msvcrt

_cexit
_exit
_XcptFilter
_initterm
_amsg_exit
__setusermatherr
__p__commode
__p__fmode
__set_app_type
memcpy
?terminate@@YAXXZ
_controlfp
memset
strchr
realloc
malloc
fopen
isxdigit
fgets
fclose
_strdup
_strlwr
memmove
_stricmp
sprintf
_ultoa
strtoul
_iob
fprintf
exit
printf
_vsnprintf
__getmainargs

Sections

.text
Size: 66KB - Virtual size: 66KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 74KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 32KB - Virtual size: 32KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

971de64f4b0c963c72c16767d256f21a

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

msvcrt

Sections

.text Size: 66KB - Virtual size: 66KB

.data Size: 1024B - Virtual size: 74KB

.rsrc Size: 32KB - Virtual size: 32KB

.text
Size: 66KB - Virtual size: 66KB

.data
Size: 1024B - Virtual size: 74KB

.rsrc
Size: 32KB - Virtual size: 32KB