6ab120f5ec029538b0aafdf525582d79_JaffaCakes118

General

Target

6ab120f5ec029538b0aafdf525582d79_JaffaCakes118
Size

288KB
MD5

6ab120f5ec029538b0aafdf525582d79
SHA1

9fc36e4e483b2a4d1fbc22dd71949e4165312579
SHA256

44ef8cd992951ae3f7f1639dee755f1b6144e97c6498d47e179a24f1f6c9b961
SHA512

7214bc6220ffceb3c0ba0d9394b96a4d0b2721648f20c191b18a7eacf5bd06260fa67b055743fbba50d0b6232eda92b6a14b7c150bc71cad62365aff734af52a
SSDEEP

3072:Gf/SsxOE2Pz4V5QQIQ/xQeUxA5oaNX/CAQEfLpHkMbP:zsNV5QQ3+65oSPC/whkuP

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
6ab120f5ec029538b0aafdf525582d79_JaffaCakes118

Files

6ab120f5ec029538b0aafdf525582d79_JaffaCakes118
.exe windows:5 windows x86 arch:x86

1c79ad8d619abb69c47cc960f5506aae

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

AddAtomW
AttachConsole
BackupSeek
BaseCleanupAppcompatCache
BaseFlushAppcompatCache
BasepCheckWinSaferRestrictions
CallNamedPipeW
CheckNameLegalDOS8Dot3W
CheckRemoteDebuggerPresent
ClearCommError
CmdBatNotification
CommConfigDialogA
ConvertDefaultLocale
CreateDirectoryA
CreateFileA
CreateMailslotA
CreateNamedPipeA
CreateNamedPipeW
CreateProcessInternalWSecure
CreateSocketHandle
CreateTimerQueueTimer
DebugActiveProcess
DebugBreak
DeleteFileW
DeleteVolumeMountPointW
DeviceIoControl
EnumCalendarInfoA
EnumDateFormatsExA
EnumSystemCodePagesA
EnumUILanguagesW
EnumerateLocalComputerNamesW
ExitVDM
ExpungeConsoleCommandHistoryA
ExtendVirtualBuffer
FatalAppExitW
FatalExit
FillConsoleOutputCharacterW
FindFirstVolumeA
FindFirstVolumeMountPointW
FindResourceW
FreeLibraryAndExitThread
GetAtomNameW
GetCPInfo
GetCommMask
GetCommProperties
GetComputerNameExA
GetConsoleAliasExesW
GetConsoleFontSize
GetConsoleInputExeNameW
GetConsoleTitleA
GetCurrentDirectoryW
GetCurrentProcessId
GetDriveTypeW
GetFullPathNameA
GetGeoInfoW
GetLastError
GetLogicalDrives
GetModuleFileNameA
GetModuleHandleA
GetNumaNodeProcessorMask
GetPrivateProfileSectionA
GetProcAddress
GetProcessHeap
GetProcessTimes
GetProfileIntA
GetStringTypeA
GetSystemTimes
GetSystemWindowsDirectoryA
GetThreadSelectorEntry
GetVDMCurrentDirectories
GetVolumePathNameA
GetWindowsDirectoryW
GlobalMemoryStatus
GlobalMemoryStatusEx
Heap32First
HeapAlloc
InterlockedCompareExchange
InterlockedFlushSList
InterlockedPushEntrySList
IsBadCodePtr
IsBadWritePtr
IsValidUILanguage
LZClose
LZCopy
LZOpenFileA
LZOpenFileW
LZStart
LoadLibraryA
LoadResource
LocalAlloc
MapUserPhysicalPagesScatter
MapViewOfFile
MapViewOfFileEx
OpenJobObjectA
OpenJobObjectW
OpenProcess
PrivMoveFileIdentityW
Process32Next
ProcessIdToSessionId
PurgeComm
QueueUserWorkItem
ReadProcessMemory
RegisterConsoleIME
RegisterWaitForSingleObject
SearchPathA
SetClientTimeZoneInformation
SetConsoleCursor
SetConsoleInputExeNameA
SetConsoleKeyShortcuts
SetConsoleMode
SetConsoleOutputCP
SetConsoleScreenBufferSize
SetConsoleTextAttribute
SetCurrentDirectoryW
SetDllDirectoryW
SetEnvironmentVariableA
SetErrorMode
SetEvent
SetInformationJobObject
SetMailslotInfo
SetPriorityClass
SetVolumeLabelW
SleepEx
SuspendThread
SwitchToFiber
TermsrvAppInstallMode
Thread32Next
TlsSetValue
TransmitCommChar
UTRegister
UnregisterWaitEx
VDMOperationStarted
VirtualFree
VirtualLock
VirtualUnlock
WriteConsoleInputA
WriteConsoleOutputW
WriteConsoleW
WriteFileEx
WritePrivateProfileSectionW
_lclose
lstrcat
lstrcmp
lstrcmpA
lstrcmpi
lstrcpynA
lstrlen

Sections

.text
Size: 132KB - Virtual size: 131KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

1c79ad8d619abb69c47cc960f5506aae

Headers

File Characteristics

Imports

kernel32

Sections

.text Size: 132KB - Virtual size: 131KB

.text
Size: 132KB - Virtual size: 131KB