691a8fb5c5c03ef02e18380aa13538f1_JaffaCakes118

General

Target

691a8fb5c5c03ef02e18380aa13538f1_JaffaCakes118
Size

24KB
MD5

691a8fb5c5c03ef02e18380aa13538f1
SHA1

731da33e201c8000db34ceda79166b62ccb2fa79
SHA256

e982b964a29dde353ab2f7f839fa06e02c77e4c77a378ac095a1a040fac55234
SHA512

03a290dfd46fbf5bb5e95581daf46943d7702dcd61a00ab0177b907849cb310dabef6187ceacd48f7d414c4799a1061fbb3450ec1ceeff3435e55d479eca9e13
SSDEEP

384:MPpOZ/D0L6N5sH5Rtr6WqpaUqJX61oZHafz:MhW0CA5Hr61p/qJX8oVafz

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
691a8fb5c5c03ef02e18380aa13538f1_JaffaCakes118

Files

691a8fb5c5c03ef02e18380aa13538f1_JaffaCakes118
.exe windows:4 windows x86 arch:x86

2cef3912270718b76bfb25b19a2248d4

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

psapi

GetModuleFileNameExA

version

VerQueryValueA
GetFileVersionInfoA
GetFileVersionInfoSizeA

mfc42

ord860
ord350
ord533
ord2818
ord823
ord6874
ord6283
ord6282
ord4202
ord535
ord2919
ord268
ord540
ord825
ord1105
ord537
ord5194
ord5651
ord3127
ord3616
ord3663
ord964
ord798
ord1567
ord1997
ord800
ord6407
ord5778
ord2764
ord5465
ord3511

msvcrt

_controlfp
__set_app_type
__p__fmode
__p__commode
_adjust_fdiv
__setusermatherr
_initterm
__getmainargs
_acmdln
_XcptFilter
_exit
??1type_info@@UAE@XZ
atoi
__CxxFrameHandler
_mbscmp
_access
_except_handler3
_mbsnbcpy
exit

kernel32

CreateMutexA
GetLastError
GetVersionExA
CopyFileA
TerminateProcess
GetSystemDirectoryA
GetWindowsDirectoryA
SetFileAttributesA
Sleep
GetModuleFileNameA
SetEvent
WaitForSingleObject
CreateEventA
CreateToolhelp32Snapshot
Process32First
GetPriorityClass
OpenProcess
CloseHandle
Process32Next
GetStartupInfoA
GetModuleHandleA

user32

wsprintfA

advapi32

RegSetValueExA
RegOpenKeyExA
RegCreateKeyExA
RegCloseKey

shell32

ShellExecuteA

Sections

.text
Size: 8KB - Virtual size: 6KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 628B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 952B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

2cef3912270718b76bfb25b19a2248d4

Headers

File Characteristics

Imports

psapi

version

mfc42

msvcrt

kernel32

user32

advapi32

shell32

Sections

.text Size: 8KB - Virtual size: 6KB

.rdata Size: 4KB - Virtual size: 2KB

.data Size: 4KB - Virtual size: 628B

.rsrc Size: 4KB - Virtual size: 952B

.text
Size: 8KB - Virtual size: 6KB

.rdata
Size: 4KB - Virtual size: 2KB

.data
Size: 4KB - Virtual size: 628B

.rsrc
Size: 4KB - Virtual size: 952B