76ab8892a7ac425bfe0aac3df0ea98c7_JaffaCakes118

General

Target

76ab8892a7ac425bfe0aac3df0ea98c7_JaffaCakes118
Size

224KB
MD5

76ab8892a7ac425bfe0aac3df0ea98c7
SHA1

ec6f4fb8de57d0c2aad5eff1dff47bf824790696
SHA256

91e05d6df0ebe6c97e3a6c82fb64d2d3985a866dd10418aa55349c09750abc40
SHA512

612d2cd48627a072c0ef234121f869c759d77ad115e53eea839f3fab74b5b3211a59be405b381db7f53357e76fc02ef2bca1575e514e474a627caee48b84e0af
SSDEEP

6144:1nSgShIuyax8JjYonIagsluoi8wNNfraE4V:tS56haxWj9Fg0uo7wTf+E4V

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
76ab8892a7ac425bfe0aac3df0ea98c7_JaffaCakes118

Files

76ab8892a7ac425bfe0aac3df0ea98c7_JaffaCakes118
.exe windows:4 windows x86 arch:x86

6df588750419b61b58b19225057a6c56

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

Sleep
FindNextFileA
VirtualFree
GetLastError
VirtualAlloc
GetExitCodeThread
GetCurrentProcessId
GetExitCodeProcess
GetEnvironmentStrings
FindClose
SetEvent
VirtualProtect
LoadLibraryA
GetCurrentThread
GetCurrentThreadId
GetProcAddress
GetModuleHandleA
ReleaseSemaphore
CreateWaitableTimerA
LocalLock
VirtualQuery
ResetEvent
HeapUnlock
OpenSemaphoreA
HeapDestroy
LocalReAlloc
GetModuleFileNameA
GetLocaleInfoA
GetStringTypeW
GetStringTypeA
LCMapStringW
MultiByteToWideChar
LCMapStringA
GetSystemTimeAsFileTime
GetTickCount
QueryPerformanceCounter
HeapSize
InterlockedExchange
RtlUnwind
HeapReAlloc
HeapAlloc
GetCPInfo
GetOEMCP
GetSystemInfo
GetACP
HeapFree
HeapCreate
GetFileType
SetHandleCount
GetEnvironmentStringsW
WideCharToMultiByte
FreeEnvironmentStringsW
GetStartupInfoA
GetCommandLineA
GetVersionExA
ExitProcess
TerminateProcess
GetCurrentProcess
WriteFile
GetStdHandle
UnhandledExceptionFilter
FreeEnvironmentStringsA

user32

PostMessageA
SetCursor
LoadBitmapA
LoadCursorA
GetDesktopWindow
LoadIconA
GetDC
GetCursorPos
SetTimer
ReleaseDC
GetSysColorBrush
CreateIcon
IsIconic
SetCursorPos
GetWindowRect

psapi

GetProcessMemoryInfo
EmptyWorkingSet
GetWsChanges
EnumProcesses

msvfw32

DrawDibRealize

ws2_32

WSAStartup
WSACleanup

Sections

.text
Size: 20KB - Virtual size: 17KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 8KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 64KB - Virtual size: 61KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 128KB - Virtual size: 124KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

6df588750419b61b58b19225057a6c56

Headers

File Characteristics

Imports

kernel32

user32

psapi

msvfw32

ws2_32

Sections

.text Size: 20KB - Virtual size: 17KB

.rdata Size: 8KB - Virtual size: 5KB

.data Size: 64KB - Virtual size: 61KB

.rsrc Size: 128KB - Virtual size: 124KB

.text
Size: 20KB - Virtual size: 17KB

.rdata
Size: 8KB - Virtual size: 5KB

.data
Size: 64KB - Virtual size: 61KB

.rsrc
Size: 128KB - Virtual size: 124KB