63bb79de0bad097ccbcb35aa48b79b30_JaffaCakes118

General

Target

63bb79de0bad097ccbcb35aa48b79b30_JaffaCakes118
Size

18KB
MD5

63bb79de0bad097ccbcb35aa48b79b30
SHA1

d3a68000b64c0f7205fadb30c82f67190f34df8a
SHA256

89c941d1f22d7fe8aeb592b4be93a219e4e09d60e61b244d172681daeda9fa3d
SHA512

6f0537e700619b88347840b3c5c319f6a83c329b433552c3923a5bdb7f7609d155e061b953e71eda5a29bae9d38ec78d3dbe232876db8daf84f21bb407819124
SSDEEP

384:lclimcnom/Q8TcygzGlyEIIdaaQoR0iPwVY2yJzz7dK:WlimcNTcL6dBQIPwC2Qn7dK

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
63bb79de0bad097ccbcb35aa48b79b30_JaffaCakes118

Files

63bb79de0bad097ccbcb35aa48b79b30_JaffaCakes118
.exe windows:5 windows x86 arch:x86

3c66ad6a1e035696ba44882469cbc472

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

c:\Users\Администратор\Documents\Visual Studio 2008\Projects\MTR\Test2\Release\mtrsurs.pdb

Imports

kernel32

CloseHandle
GetFileSize
GetFileAttributesA
DeleteFileA
Sleep
GlobalAlloc
GetCommandLineA
GetModuleFileNameA
GetLocalTime
CreateToolhelp32Snapshot
Process32First
lstrcmpiA
Process32Next
GetProcAddress
LoadLibraryA
GetModuleHandleA
WriteFile
WinExec
ExitProcess
OpenProcess
ReadProcessMemory
GetVersionExA
GetTickCount
GetComputerNameA
GlobalMemoryStatus
CopyFileA
GlobalFree
lstrlenA
RtlUnwind
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
SetFilePointer
CreateFileA

user32

GetKeyboardState
ActivateKeyboardLayout
ToAscii
MapVirtualKeyA
KillTimer
PostQuitMessage
DefWindowProcA
SendMessageA
FindWindowA
PostMessageA
RegisterClassA
CreateWindowExA
ShowWindow
SetTimer
GetMessageA
TranslateMessage
DispatchMessageA
GetKeyState
GetAsyncKeyState
GetWindowTextA
GetForegroundWindow
GetWindowThreadProcessId
GetKeyboardLayout
GetSystemMetrics
EnumDisplayDevicesA
CharLowerBuffA

advapi32

OpenServiceA
DeleteService

Sections

.text
Size: 15KB - Virtual size: 14KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.CRT
Size: 512B - Virtual size: 4B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

3c66ad6a1e035696ba44882469cbc472

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

user32

advapi32

Sections

.text Size: 15KB - Virtual size: 14KB

.data Size: 512B - Virtual size: 2KB

.CRT Size: 512B - Virtual size: 4B

.reloc Size: 1KB - Virtual size: 1KB

.text
Size: 15KB - Virtual size: 14KB

.data
Size: 512B - Virtual size: 2KB

.CRT
Size: 512B - Virtual size: 4B

.reloc
Size: 1KB - Virtual size: 1KB