87f8299c7b639a94b9d4fde747ee3217_JaffaCakes118

General

Target

87f8299c7b639a94b9d4fde747ee3217_JaffaCakes118
Size

162KB
MD5

87f8299c7b639a94b9d4fde747ee3217
SHA1

17bf57bfd480c6c01062e3bb8885f5c700435db2
SHA256

fd7ea71e481bd142a517819ffd89c62f88ef479d65ed7f33bb6601495bece9e0
SHA512

c8947262cf386a1528c4018a7b227bd468b5059a4b69145c5fd4c10be5b2fe7737794989d56b89bb1b388a1f95f67cae6302f17b0714afd0e9af814931d48c7a
SSDEEP

3072:ZElNAu/nGJe3tr0lFGJ3TvipAv5OAfq1v61WxIhweOuw9:oNAMF+lUpTqp+5bzQxIhweOL

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
87f8299c7b639a94b9d4fde747ee3217_JaffaCakes118

Files

87f8299c7b639a94b9d4fde747ee3217_JaffaCakes118
.exe windows:4 windows x86 arch:x86

200a9f58ce55cdab45798e2a49b8a2d1

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

advapi32

OpenProcessToken
LookupPrivilegeValueA
RegCloseKey
RegOpenKeyExA
RegQueryValueExA

kernel32

CloseHandle
WideCharToMultiByte
GetStdHandle
OpenFileMappingA
TlsSetValue
GlobalLock
GetSystemTime
GetFileSize
ExitProcess
TlsGetValue
WriteFile
SetThreadLocale
VirtualFree
GetFileType
CreateFileA
SetFilePointer
SetConsolePalette
LocalUnlock
SetEndOfFile
GetShortPathNameA
lstrcpyA
GetModuleHandleA
SearchPathA
GetFileSize
GetFullPathNameA
GetModuleFileNameA
SetFileAttributesA
lstrcatA
MoveFileA
CopyFileA
lstrcpynA
lstrlenA
RemoveDirectoryA

version

GetFileVersionInfoSizeA
VerQueryValueA
GetFileVersionInfoA

user32

SetWindowTextA
ShowWindow
GetDlgItemTextA
SendDlgItemMessageA
CreateWindowExA

Sections

.text
Size: 7KB - Virtual size: 6KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 6KB - Virtual size: 51KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ

.edata
Size: 145KB - Virtual size: 191KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.sdata
Size: 1024B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

200a9f58ce55cdab45798e2a49b8a2d1

Headers

DLL Characteristics

File Characteristics

Imports

advapi32

kernel32

version

user32

Sections

.text Size: 7KB - Virtual size: 6KB

.data Size: 6KB - Virtual size: 51KB

.rsrc Size: 2KB - Virtual size: 2KB

.edata Size: 145KB - Virtual size: 191KB

.sdata Size: 1024B - Virtual size: 4KB

.text
Size: 7KB - Virtual size: 6KB

.data
Size: 6KB - Virtual size: 51KB

.rsrc
Size: 2KB - Virtual size: 2KB

.edata
Size: 145KB - Virtual size: 191KB

.sdata
Size: 1024B - Virtual size: 4KB