6f4be4b470fa344647acad83aec9920b_JaffaCakes118

General

Target

6f4be4b470fa344647acad83aec9920b_JaffaCakes118
Size

63KB
MD5

6f4be4b470fa344647acad83aec9920b
SHA1

944fc5c558ab6a63e32bb9689ea64feb617dc9cb
SHA256

7ea902778064747c3f73cfbaa4538ed25ccfca78023074deb7f3dd1d7a372e51
SHA512

da1dd26a0ad63041f381b2751bcbcd64a588c1ef9c9860bdfd37fe76f1cecb5f0dda09643227c9fa213593309cf61f2149bc650edd463ecd2b8d06beb12487cd
SSDEEP

1536:k7BIks8fCUBqkS9Tu37Jo4zfC4Ftl0ExMAw:ki8fPBqk6Tu37Jo4njqExM

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
6f4be4b470fa344647acad83aec9920b_JaffaCakes118

Files

6f4be4b470fa344647acad83aec9920b_JaffaCakes118
.exe windows:4 windows x86 arch:x86

65e8f4572ba4d6cb7950e85b11014e5c

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

msvcrt

memset
strcmp
memmove
strlen

kernel32

GetModuleHandleA
HeapCreate
HeapDestroy
ExitProcess
GetCurrentProcess
GetLastError
CloseHandle
GetModuleFileNameA
CreateProcessA
GetThreadContext
ReadProcessMemory
VirtualAllocEx
WriteProcessMemory
SetThreadContext
ResumeThread
TerminateProcess
InitializeCriticalSection
GetEnvironmentVariableA
SetEnvironmentVariableA
GetVersionExA
CopyFileA
HeapFree
TlsGetValue
HeapAlloc
TlsSetValue
TlsAlloc
HeapReAlloc
WaitForMultipleObjects
EnterCriticalSection
LeaveCriticalSection
GetCurrentThreadId
GetCurrentThread
DuplicateHandle
CreateSemaphoreA
CreateThread
ReleaseSemaphore

advapi32

OpenProcessToken
LookupPrivilegeValueA
AdjustTokenPrivileges
RegCreateKeyA
RegSetValueExA
RegCloseKey

ntdll

ZwUnmapViewOfSection
ZwSystemDebugControl

Sections

.code
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.text
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 512B - Virtual size: 9B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 29KB - Virtual size: 29KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 27KB - Virtual size: 26KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

65e8f4572ba4d6cb7950e85b11014e5c

Headers

File Characteristics

Imports

msvcrt

kernel32

advapi32

ntdll

Sections

.code Size: 2KB - Virtual size: 1KB

.text Size: 3KB - Virtual size: 3KB

.rdata Size: 512B - Virtual size: 9B

.data Size: 29KB - Virtual size: 29KB

.rsrc Size: 27KB - Virtual size: 26KB

.code
Size: 2KB - Virtual size: 1KB

.text
Size: 3KB - Virtual size: 3KB

.rdata
Size: 512B - Virtual size: 9B

.data
Size: 29KB - Virtual size: 29KB

.rsrc
Size: 27KB - Virtual size: 26KB