880304843d1e73d96863a7695923dbe9_JaffaCakes118

General

Target

880304843d1e73d96863a7695923dbe9_JaffaCakes118
Size

512KB
MD5

880304843d1e73d96863a7695923dbe9
SHA1

5c06355cecb73d5a0739eb9497ba96f8b4d7d82b
SHA256

a27dee983094747247235f2a09cd5e3ab06c25f9b3f54d2d4a127ef27609f6cb
SHA512

84654cc220312430d2a89eaa7fc668a48d9056c0b15aa191c4f273feb6217dd643755f0e179159172ca3bd5bd2ce5d70fa40e74625fda935c4e774f4df0cc1e1
SSDEEP

12288:bfaIIQee7cwAz42SqV/eh1/lHrssEB57FIePSXC9gtQbO:bSXeFAE2SWGllLssEB52e6X2gtIO

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
880304843d1e73d96863a7695923dbe9_JaffaCakes118

Files

880304843d1e73d96863a7695923dbe9_JaffaCakes118
.exe windows:5 windows x86 arch:x86

628f2504b8c36af0a27d7236b5e24a50

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

ulib

?DoParsing@ARGUMENT_LEXEMIZER@@QAEEPAVARRAY@@@Z
?IsValueSet@ARGUMENT@@QAEEXZ
?PrepareToParse@ARGUMENT_LEXEMIZER@@QAEEPAVWSTRING@@@Z
?PutSeparators@ARGUMENT_LEXEMIZER@@QAEXPBD@Z
?PutSwitches@ARGUMENT_LEXEMIZER@@QAEXPBD@Z
?Initialize@STRING_ARGUMENT@@QAEEPAD@Z
??0FSN_FILTER@@QAE@XZ
?SetCaseSensitive@ARGUMENT_LEXEMIZER@@QAEXE@Z
??0ARRAY@@QAE@XZ
?Initialize@WSTRING@@QAEEPBV1@KK@Z
?Fatal@PROGRAM@@UBAXKKPADZZ
?Initialize@ARGUMENT_LEXEMIZER@@QAEEPAVARRAY@@@Z
?Initialize@PATH@@QAEEPBVWSTRING@@E@Z
??0PROGRAM@@IAE@XZ
?Initialize@CLASS_DESCRIPTOR@@QAEEXZ

kernel32

GetCommandLineA
GetModuleHandleA
lstrcpyA
GetVersionExA
GetFileType
lstrcatW
LoadLibraryA
LocalAlloc
GetStringTypeW
GetUserDefaultLCID
EnterCriticalSection
GetModuleHandleW
GetFileAttributesW
CreateEventA
MapViewOfFile
DeviceIoControl
SetLastError
VirtualFree
GetCurrentThread
lstrcatA
VirtualProtect
GetACP

ntdll

_wcsicmp
RtlUpcaseUnicodeString
RtlLengthSecurityDescriptor
RtlMultiByteToUnicodeN
NtQuerySystemTime
RtlNormalizeProcessParams
wcsstr
RtlLengthSid
NtQueryVirtualMemory

msvcrt

_strnicmp
__wgetmainargs
rand
__getmainargs
realloc
strchr
__p__commode
??2@YAPAXI@Z
fputs
?_set_se_translator@@YAP6AXIPAU_EXCEPTION_POINTERS@@@ZP6AXI0@Z@Z
_iob

Sections

.text
Size: 39KB - Virtual size: 39KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 44KB - Virtual size: 44KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 888B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

628f2504b8c36af0a27d7236b5e24a50

Headers

File Characteristics

Imports

ulib

kernel32

ntdll

msvcrt

Sections

.text Size: 39KB - Virtual size: 39KB

.rdata Size: 44KB - Virtual size: 44KB

.data Size: 4KB - Virtual size: 3KB

.rsrc Size: 1024B - Virtual size: 888B

.text
Size: 39KB - Virtual size: 39KB

.rdata
Size: 44KB - Virtual size: 44KB

.data
Size: 4KB - Virtual size: 3KB

.rsrc
Size: 1024B - Virtual size: 888B