857b1b6459e7441721186507721aa52d_JaffaCakes118

General

Target

857b1b6459e7441721186507721aa52d_JaffaCakes118
Size

132KB
MD5

857b1b6459e7441721186507721aa52d
SHA1

69b2af350b12fe903ac38146cd8707ad9f3b3ebd
SHA256

4083f599ee47cec0e7ba592b7f6d112388a8a2d9308e41d9df7e1554c5a23f39
SHA512

546882f74ed72bb1e774d79896348b9fdf83bac00770644527bbdecc1c9b12eb19ac7fe6c34ed8c22222e9e0d02b4869d5cd6e53b91f69fa63c8c24688c3313d
SSDEEP

3072:BEkqIlTuuhI6REvIVaQiC7qP959s7PWVrA4byCi8d:KiTzD+159s7+W4GCx

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
857b1b6459e7441721186507721aa52d_JaffaCakes118

Files

857b1b6459e7441721186507721aa52d_JaffaCakes118
.exe windows:4 windows x86 arch:x86

27febde8c0e72506f0c43a78cf4a76d7

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

version

VerQueryValueW
GetFileVersionInfoW

wtsapi32

WTSQueryUserToken
WTSLogoffSession
WTSCloseServer

secur32

QuerySecurityPackageInfoW
InitializeSecurityContextW
QueryContextAttributesW
RevertSecurityContext
FreeContextBuffer

kernel32

LockFile
LoadLibraryA
GetProcAddress
GetModuleFileNameA
WriteFile
RtlUnwind
GetCommandLineA
GetCommandLineW
GetEnvironmentStrings
GetEnvironmentStringsW
FreeEnvironmentStringsW
MultiByteToWideChar
FreeEnvironmentStringsA
GetCurrentThread
DuplicateHandle
PeekNamedPipe
GetShortPathNameW
GetEnvironmentVariableW
ResetEvent
FindFirstChangeNotificationW
DeleteFileW
OpenMutexW
CreateMutexW
FlushFileBuffers
CreateThread
LocalFree
LocalAlloc
WriteConsoleW
ExitProcess
TerminateProcess
GetCurrentProcess
HeapReAlloc
HeapAlloc
HeapFree
Sleep
UnlockFile
GetLastError
CloseHandle
GetFileType
CreateFileW
GetModuleHandleA
GetStartupInfoW
GetVersion
HeapDestroy
HeapCreate
VirtualFree
VirtualAlloc
IsBadWritePtr
SetStdHandle
SetFilePointer
SetHandleCount
GetStdHandle
GetStartupInfoA
SetEndOfFile
ReadFile
UnhandledExceptionFilter
GetModuleFileNameW

Sections

.text
Size: 24KB - Virtual size: 23KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 32KB - Virtual size: 28KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 72KB - Virtual size: 626KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

27febde8c0e72506f0c43a78cf4a76d7

Headers

File Characteristics

Imports

version

wtsapi32

secur32

kernel32

Sections

.text Size: 24KB - Virtual size: 23KB

.rdata Size: 32KB - Virtual size: 28KB

.data Size: 72KB - Virtual size: 626KB

.text
Size: 24KB - Virtual size: 23KB

.rdata
Size: 32KB - Virtual size: 28KB

.data
Size: 72KB - Virtual size: 626KB