Static task: static1
Behavioral task: behavioral1
Sample: 695f065667e33b24c386af2622f9ba09_JaffaCakes118.exe
Resource: win7-20240705-en
Behavioral task: behavioral2
Sample: 695f065667e33b24c386af2622f9ba09_JaffaCakes118.exe
Resource: win10v2004-20240709-en
General
Target: 695f065667e33b24c386af2622f9ba09_JaffaCakes118
Size: 491KB
MD5: 695f065667e33b24c386af2622f9ba09
SHA1: 55ab9f548905dd5d431877d5e3d461f8a84881e4
SHA256: 7d1c44a587988024c39bfdabc43c90b1db25ce2877bda5b61a80b3409b56c877
SHA512: 913960acc028d3d8e06db592182b69e95f5aa99382b4389d929fea6f31df406ef225675dc06bfb8ca42bc8e36c4fc2acfb58d6a5c99626e3a5e1b796efab1c08
SSDEEP: 12288:bayWTr4GwUa5YgE9ePDeFT5ckAYM6ph7OFhQToiX1:b0TrEUaBE9eLe7ckAGh7OFgoiX1
Malware Config
Signatures
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource 695f065667e33b24c386af2622f9ba09_JaffaCakes118
Files
695f065667e33b24c386af2622f9ba09_JaffaCakes118.exe windows:5 windows x86 arch:x86
6d271bb64490b3ee098f2ffdad63f8d1
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
ntdll
_strcmpi
RtlAdjustPrivilege
NtWriteVirtualMemory
NtAllocateVirtualMemory
NtProtectVirtualMemory
NtFreeVirtualMemory
_chkstk
_snprintf
_vsnprintf
strncmp
_strlwr
memset
memcpy
NtQueryInformationFile
strstr
kernel32
GetFileSize
GetModuleFileNameA
CreateMutexA
SetEnvironmentVariableA
ExitProcess
CreateToolhelp32Snapshot
Process32First
lstrcmpiA
OpenProcess
CreateRemoteThread
WaitForSingleObject
GetExitCodeThread
Process32Next
Sleep
SetLastError
LoadLibraryA
HeapAlloc
GetProcessHeap
HeapFree
HeapValidate
FindClose
FindNextFileA
DeleteFileA
RemoveDirectoryA
MoveFileExA
FindFirstFileA
QueryDosDeviceA
GetLogicalDriveStringsA
WriteFile
CloseHandle
SetFilePointer
SetFileAttributesW
GetFileAttributesW
ReadFile
SizeofResource
LoadResource
FindResourceExA
WideCharToMultiByte
MultiByteToWideChar
HeapReAlloc
IsBadReadPtr
OutputDebugStringA
GetCurrentThreadId
GetLastError
GetProcAddress
Sections
.text Size: 9KB - Virtual size: 9KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 2KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 310KB - Virtual size: 309KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 167KB - Virtual size: 166KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.reloc Size: 1KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ