69cff8e625042978144b0d1ee03bcd18_JaffaCakes118

General

Target

69cff8e625042978144b0d1ee03bcd18_JaffaCakes118
Size

732KB
MD5

69cff8e625042978144b0d1ee03bcd18
SHA1

f16db9240277792309fca439fffcd37fd5148a98
SHA256

2e301f6e96f2f03b50c22650283629ce2d20511f9d324184613ea04dc3597fdb
SHA512

4501a1d2a1a895d80574014bc555287a3190d3aad08bd5889d7dc9973f32598a817f37ba3afd6ab73725e64e2e59c143aba579dba4ba1519796a88532204fd4a
SSDEEP

6144:jovILdV94IUnlESZkWOF1x5VMR9IzwqLyKU2AOzwXWM82jMh+3UFV/SwMV6bQ+BG:j5vAZkWOF1x7MghVEO0G0sFnUz7ktIp

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
69cff8e625042978144b0d1ee03bcd18_JaffaCakes118

Files

69cff8e625042978144b0d1ee03bcd18_JaffaCakes118
.exe windows:4 windows x86 arch:x86

c6fedb0db0dd897bfd46630d1f9f87ab

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

FreeLibrary
SetLastError
GetLastError
DeviceIoControl
GetVolumeInformationA
GetDiskFreeSpaceA
GetFileAttributesA
GetProcAddress
LoadLibraryA
ReadFile
FlushFileBuffers
FormatMessageA
GetVersionExA
FindClose
FindFirstFileA
SetFilePointer
DeleteFileA
GetFileSize
GetCurrentDirectoryA
OutputDebugStringA
GetSystemDirectoryA
FindResourceA
SizeofResource
LoadResource
LockResource
CreateFileA
WriteFile
GetCurrentProcess
CloseHandle
SetStdHandle
RtlUnwind
HeapFree
HeapAlloc
GetModuleHandleA
GetStartupInfoA
GetCommandLineA
GetVersion
ExitProcess
GetModuleFileNameA
GetEnvironmentVariableA
HeapDestroy
HeapCreate
VirtualFree
VirtualAlloc
HeapReAlloc
IsBadWritePtr
TerminateProcess
UnhandledExceptionFilter
FreeEnvironmentStringsA
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStrings
GetEnvironmentStringsW
SetHandleCount
GetStdHandle
GetFileType
MultiByteToWideChar
LCMapStringA
LCMapStringW
SetUnhandledExceptionFilter
IsBadReadPtr
IsBadCodePtr
GetStringTypeA
GetStringTypeW
GetCPInfo
GetACP
GetOEMCP

advapi32

RegQueryValueExA
RegDeleteValueA
RegCloseKey
OpenProcessToken
LookupPrivilegeValueA
AdjustTokenPrivileges
RegOpenKeyExA

version

GetFileVersionInfoA
VerQueryValueA
GetFileVersionInfoSizeA

Sections

.text
Size: 32KB - Virtual size: 28KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 680KB - Virtual size: 677KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

c6fedb0db0dd897bfd46630d1f9f87ab

Headers

File Characteristics

Imports

kernel32

advapi32

version

Sections

.text Size: 32KB - Virtual size: 28KB

.rdata Size: 4KB - Virtual size: 3KB

.data Size: 12KB - Virtual size: 17KB

.rsrc Size: 680KB - Virtual size: 677KB

.text
Size: 32KB - Virtual size: 28KB

.rdata
Size: 4KB - Virtual size: 3KB

.data
Size: 12KB - Virtual size: 17KB

.rsrc
Size: 680KB - Virtual size: 677KB