7071693dad9049eb36f232304afd0192_JaffaCakes118

General

Target

7071693dad9049eb36f232304afd0192_JaffaCakes118
Size

257KB
MD5

7071693dad9049eb36f232304afd0192
SHA1

0192e1652d82cff1d91c4d59ccad3d636a52c69d
SHA256

1b044649f4960bcec37f5497b44dd7ca1bbaec3de80bc0d8113c2b6c384b5100
SHA512

ff85b36738487951f08fa894e65e6d3c3318adc43902d79e0181936eb07c9b8b73c1aad9e5926470f001315bb0220f23d995030fb3bff2d4ee83b21c8201acc3
SSDEEP

6144:s0tHHrL0j8hbW/SPoCAJbjNu7JrdnSl/imA:dtnrK+kJ8uR

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
7071693dad9049eb36f232304afd0192_JaffaCakes118

Files

7071693dad9049eb36f232304afd0192_JaffaCakes118
.exe windows:5 windows x86 arch:x86

f1ac602e10de5a2529ae50bde637c957

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetCurrentProcessId
GetEnvironmentStrings
GetEnvironmentStringsW
GetStdHandle
GetCurrentThread
GetVersionExA
GetPriorityClass
IsDebuggerPresent
GetCommandLineA
VirtualAlloc
GetTickCount
GetModuleHandleA
HeapSize
HeapReAlloc
HeapAlloc
GetProcessHeap
GetCommandLineW
GetProcAddress
IsBadWritePtr
GetStartupInfoW
GetVersion
ExitProcess
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
GetModuleFileNameW
FreeEnvironmentStringsA
MultiByteToWideChar
FreeEnvironmentStringsW
SetHandleCount
GetFileType
GetStartupInfoA
DeleteCriticalSection
GetCurrentThreadId
TlsSetValue
TlsAlloc
TlsFree
SetLastError
TlsGetValue
GetLastError
HeapDestroy
HeapCreate
VirtualFree
HeapFree
RtlUnwind
WriteFile
GetModuleFileNameA
InitializeCriticalSection
EnterCriticalSection
LeaveCriticalSection
FatalAppExitA
LoadLibraryA

secur32

LsaConnectUntrusted

Sections

.text
Size: 19KB - Virtual size: 18KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 231KB - Virtual size: 266KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.norman
Size: 1024B - Virtual size: 988B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

f1ac602e10de5a2529ae50bde637c957

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

secur32

Sections

.text Size: 19KB - Virtual size: 18KB

.rdata Size: 2KB - Virtual size: 2KB

.data Size: 231KB - Virtual size: 266KB

.norman Size: 1024B - Virtual size: 988B

.rsrc Size: 3KB - Virtual size: 2KB

.text
Size: 19KB - Virtual size: 18KB

.rdata
Size: 2KB - Virtual size: 2KB

.data
Size: 231KB - Virtual size: 266KB

.norman
Size: 1024B - Virtual size: 988B

.rsrc
Size: 3KB - Virtual size: 2KB