6a4d7a22479d3fdc0de5aa30cf2e2bff_JaffaCakes118

General

Target

6a4d7a22479d3fdc0de5aa30cf2e2bff_JaffaCakes118
Size

533KB
MD5

6a4d7a22479d3fdc0de5aa30cf2e2bff
SHA1

a4e43d4a8e0b05817c9c4bac6002215556a645e3
SHA256

7c4e2b9904cf46a188919dfcd63e3c40617c6087f5d37ddb7df8f0ad7552b3ac
SHA512

dae51b4bcb4d2b336f9c256f0520f50e436aa050a4faffafa2f257085a110aed4dfb9e4b4d9ac906bfbc60c6221c9fb1624608f97872ed2c9638574fc352c9fe
SSDEEP

12288:pASEv/onxWGuVvn7BvSOTIvxEAX40edWl0t:pASEHoxzyvNup

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
6a4d7a22479d3fdc0de5aa30cf2e2bff_JaffaCakes118

Files

6a4d7a22479d3fdc0de5aa30cf2e2bff_JaffaCakes118
.exe windows:5 windows x86 arch:x86

4e40ebb1d5ab75fd2ef5308f341e3a6f

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

userenv

EnterCriticalPolicySection
RegisterGPNotification

version

VerFindFileA
GetFileVersionInfoA
VerQueryValueA
VerQueryValueW
VerInstallFileW

rpcrt4

data_size_ndr
RpcSmSwapClientAllocFree
RpcServerUseProtseqEpA
RpcServerUseAllProtseqsIf
RpcServerUnregisterIf
RpcNetworkIsProtseqValidA
MesHandleFree
CStdStubBuffer_AddRef

kernel32

WinExec
WaitNamedPipeW
VirtualFree
VirtualAlloc
VerLanguageNameA
UnlockFileEx
SetVolumeMountPointW
SetUnhandledExceptionFilter
SetLastError
SetComputerNameA
OpenMutexA
CallNamedPipeW
ConvertThreadToFiber
CreateNamedPipeW
EnterCriticalSection
EnumTimeFormatsA
ExitProcess
FindResourceA
GetACP
GetCPInfo
GetCommandLineA
GetNamedPipeHandleStateW
GlobalDeleteAtom
HeapAlloc
IsProcessorFeaturePresent
LocalFlags

crtdll

_ismbcprint
_ultow
_wcslwr
atan2
_finite
iswgraph
localtime
_expand
_exit
_XcptFilter
_heapchk

ntdll

RtlNtStatusToDosError
RtlQueryTimeZoneInformation
RtlSetAttributesSecurityDescriptor
RtlStartRXact
RtlpNtSetValueKey
ZwFindAtom
RtlInitializeCriticalSection
RtlCompareUnicodeString
NtReplyPort
RtlNewSecurityGrantedAccess

Exports

Exports

Yzlzl
bakleqmhxsYjnk
eemQpzMMV
hpgrCbuadnim
iohiaAfawormdXcho
mywxoludr
oJilxyvscfmdjbxpcC
okyxXfZfhpLFqofEp
pbygtuUMwqaxsnnlv
rmtXsw
tBcdzqkoc
vcqptNooPjGx
vrsqD
yfyvBYdbwkl

Sections

.text
Size: 34KB - Virtual size: 33KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 446KB - Virtual size: 447KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 51KB - Virtual size: 51KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

4e40ebb1d5ab75fd2ef5308f341e3a6f

Headers

File Characteristics

Imports

userenv

version

rpcrt4

kernel32

crtdll

ntdll

Exports

Exports

Sections

.text Size: 34KB - Virtual size: 33KB

.data Size: 446KB - Virtual size: 447KB

.rsrc Size: 51KB - Virtual size: 51KB

.text
Size: 34KB - Virtual size: 33KB

.data
Size: 446KB - Virtual size: 447KB

.rsrc
Size: 51KB - Virtual size: 51KB