6561e8fad70cfdd25e4a1f8d64f2c0a0_JaffaCakes118

General

Target

6561e8fad70cfdd25e4a1f8d64f2c0a0_JaffaCakes118
Size

290KB
MD5

6561e8fad70cfdd25e4a1f8d64f2c0a0
SHA1

bf944eb70a382bd77ee5b47548ea9a4969de0527
SHA256

ff6181cbf78edbbea17dce94132991fd7179c61e79030ec348a3039ae1f7598a
SHA512

572a366af6a543cb98275707048425147fc21a49c9a8be47037af2cdc5925e860a21f11b3605b052a5b86fe5d27993a365ba42ad94c1952c7bf05603b1628c98
SSDEEP

6144:liyEOh2GIzQLIUA+axHxt5yWrMoacMfznewGu5gi/wKYOYz:cDOSQLIvHHrMeMfEuBzYv

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
6561e8fad70cfdd25e4a1f8d64f2c0a0_JaffaCakes118

Files

6561e8fad70cfdd25e4a1f8d64f2c0a0_JaffaCakes118
.exe windows:4 windows x86 arch:x86

9b0e3f9752931d649092b4829b9908e8

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetModuleFileNameA
LeaveCriticalSection
UnhandledExceptionFilter
InitializeCriticalSection
GetTickCount
lstrcpynA
FreeLibrary
QueryPerformanceCounter
GetProcAddress
InterlockedIncrement
VirtualAlloc
InterlockedExchange
WideCharToMultiByte
lstrcatA
lstrcmpiW
GetCurrentProcess
TerminateProcess
GetLocalTime
Sleep
lstrlenA
MultiByteToWideChar
InterlockedDecrement
GetLastError
SetLastError
lstrcpyA
CloseHandle
LoadLibraryA
GetACP
lstrcmpW
GetStdHandle
GetSystemTimeAsFileTime
GetStringTypeW
lstrcatW
GetStartupInfoA
GetCPInfo
GetLocaleInfoA
GetStringTypeA
GetModuleHandleA
VirtualFree
DeleteCriticalSection
EnterCriticalSection
GetFileType

winspool.drv

OpenPrinterW
ClosePrinter
GetPrinterDriverW

msvcrt

_exit
_XcptFilter
exit
_acmdln
__getmainargs
_initterm
__setusermatherr
_adjust_fdiv
__p__commode
__p__fmode
__set_app_type
_except_handler3
_controlfp
strlen
sprintf
strncmp

user32

MsgWaitForMultipleObjects
TranslateMessage
SendMessageA
PeekMessageA
DestroyWindow
ShowWindow
RegisterClassA
DefWindowProcA
DispatchMessageA

Sections

.text
Size: 111KB - Virtual size: 112KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 174KB - Virtual size: 176KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.bss
Size: - Virtual size: 240B

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 2KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

9b0e3f9752931d649092b4829b9908e8

Headers

File Characteristics

Imports

kernel32

winspool.drv

msvcrt

user32

Sections

.text Size: 111KB - Virtual size: 112KB

.data Size: 174KB - Virtual size: 176KB

.bss Size: - Virtual size: 240B

.idata Size: 2KB - Virtual size: 4KB

.rsrc Size: 1KB - Virtual size: 4KB

.text
Size: 111KB - Virtual size: 112KB

.data
Size: 174KB - Virtual size: 176KB

.bss
Size: - Virtual size: 240B

.idata
Size: 2KB - Virtual size: 4KB

.rsrc
Size: 1KB - Virtual size: 4KB