7462bc709cb83059996b1f07d9d1f550_JaffaCakes118

General

Target

7462bc709cb83059996b1f07d9d1f550_JaffaCakes118
Size

224KB
MD5

7462bc709cb83059996b1f07d9d1f550
SHA1

79ab6ff2c2776377ed3789f030c05737d3dada82
SHA256

50a3b61944d30e27c4bc0dfc9e46566a5d63a942b7b044e54d99ab89a769c75a
SHA512

3313a728a2a065d25a3bd75f01497985c0b05e05c62dbac852b4d594ec4ca7bf93b9bfe46d913c756fb1d9a170708f8727acc532dfce4da660f8eef514074375
SSDEEP

6144:cPAvY6ZGjVVGWI/Hf6Px2ckon4zjzM4iBIy:cYMI/f6PgckjznMx

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
7462bc709cb83059996b1f07d9d1f550_JaffaCakes118

Files

7462bc709cb83059996b1f07d9d1f550_JaffaCakes118
.exe windows:4 windows x86 arch:x86

8258638205b56946754ae749126dc058

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

VirtualAlloc
IsBadCodePtr
GetProcessHeap
ReleaseMutex
GetPriorityClass
TerminateThread
GetCurrentThreadId
FlushFileBuffers
SetEvent
LocalReAlloc
VirtualProtect
LoadLibraryA
OpenSemaphoreA
GetProcAddress
GetModuleHandleA
ResetEvent
GetLastError
GetLocaleInfoA
GetStringTypeW
GetStringTypeA
LCMapStringW
MultiByteToWideChar
LCMapStringA
GetSystemTimeAsFileTime
GetCurrentProcessId
GetTickCount
QueryPerformanceCounter
HeapSize
VirtualQuery
InterlockedExchange
RtlUnwind
HeapReAlloc
GetSystemDirectoryA
VirtualFree
HeapAlloc
GetCPInfo
GetOEMCP
GetACP
HeapFree
HeapCreate
GetSystemInfo
HeapDestroy
GetFileType
GetStartupInfoA
GetCommandLineA
GetVersionExA
ExitProcess
TerminateProcess
GetCurrentProcess
WriteFile
GetStdHandle
GetModuleFileNameA
UnhandledExceptionFilter
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStringsW
SetHandleCount

user32

OpenIcon
LoadCursorA
EnumThreadWindows
GetDC
GetCursorPos
GetParent
SetTimer
ReleaseDC
CreateIcon
IsIconic
SetCursorPos
GetWindowRect
SetCursor
LoadIconA
GetDesktopWindow

gdi32

FloodFill

psapi

EnumProcesses
GetProcessMemoryInfo
GetModuleBaseNameA

msvfw32

DrawDibProfileDisplay
ICInstall
DrawDibStop
DrawDibEnd

Sections

.text
Size: 20KB - Virtual size: 16KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 8KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 64KB - Virtual size: 64KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 128KB - Virtual size: 124KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

8258638205b56946754ae749126dc058

Headers

File Characteristics

Imports

kernel32

user32

gdi32

psapi

msvfw32

Sections

.text Size: 20KB - Virtual size: 16KB

.rdata Size: 8KB - Virtual size: 5KB

.data Size: 64KB - Virtual size: 64KB

.rsrc Size: 128KB - Virtual size: 124KB

.text
Size: 20KB - Virtual size: 16KB

.rdata
Size: 8KB - Virtual size: 5KB

.data
Size: 64KB - Virtual size: 64KB

.rsrc
Size: 128KB - Virtual size: 124KB