824eaa22627512a5315a8340bf0833cb_JaffaCakes118

General

Target

824eaa22627512a5315a8340bf0833cb_JaffaCakes118
Size

207KB
MD5

824eaa22627512a5315a8340bf0833cb
SHA1

99ba5a9b4f1eb24a18c13c925c98485869fe4e73
SHA256

f7de2b0a6e3890ca96fc35dc37294d1c0e64222b4778d095cc3e059c048a0137
SHA512

4d31dc5a8e59d446c7b6c8b6abbd0ff3f21278538cafc32f607bae49ab769e7aeabd9d8e39669710ea144b91cb108835c378e23865240dc9d580d4357fff6374
SSDEEP

6144:hIUGtKiuXkykvOkNeuXj6NPaqz6FSrzB52/:hnGtK9XFaeuXjUaqzfh8

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
824eaa22627512a5315a8340bf0833cb_JaffaCakes118

Files

824eaa22627512a5315a8340bf0833cb_JaffaCakes118
.exe windows:4 windows x86 arch:x86

11bf47dc2b342f82846acc80b02fba6d

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

ntdll

NtOpenDirectoryObject
NtAccessCheck
VerSetConditionMask
RtlDeNormalizeProcessParams
NtCreateProfile
NtQueryDirectoryFile
ZwOpenProcessToken
RtlpNtEnumerateSubKey
RtlCompareMemory
ZwSetInformationJobObject
_ultoa

user32

CheckRadioButton
GetSubMenu
UnionRect
GetWindowThreadProcessId
DrawIconEx
FindWindowW
SetDlgItemTextW
PtInRect
IsWindowVisible
FindWindowExW
SetCursor

msvcrt

_wfopen
wcsrchr
strstr
_onexit
atol
wcscpy
_wcsnicmp
_access
time
_isctype
abs

ulib

?PutString@WSTRING@@IAEXPAG@Z
?ResetConversions@WSTRING@@SGXXZ
??8WSTRING@@QBEEABV0@@Z
?Resize@HMEM@@QAEEKK@Z
?MachinePlatform@@3VMACHINE@@A
??0WSTRING@@QAE@ABV0@@Z
?SetDataBits@COMM_DEVICE@@QAEEK@Z
?SetOdsr@COMM_DEVICE@@QAEEE@Z
??0REST_OF_LINE_ARGUMENT@@QAE@XZ
??1BSTRING@@UAE@XZ
?Fatal@PROGRAM@@UBEXXZ
??1FSTRING@@UAE@XZ

kernel32

VirtualAlloc
GetModuleHandleW
GetTickCount
GetCurrentProcessId
GetCurrentThreadId
VirtualFree
VirtualLock
_lopen
GetCommConfig
CopyFileExW
FindFirstVolumeMountPointW

Sections

.text
Size: 64KB - Virtual size: 64KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 18KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 936B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

11bf47dc2b342f82846acc80b02fba6d

Headers

File Characteristics

Imports

ntdll

user32

msvcrt

ulib

kernel32

Sections

.text Size: 64KB - Virtual size: 64KB

.data Size: 2KB - Virtual size: 18KB

.rsrc Size: 1024B - Virtual size: 936B

.text
Size: 64KB - Virtual size: 64KB

.data
Size: 2KB - Virtual size: 18KB

.rsrc
Size: 1024B - Virtual size: 936B