8a3b3acb1dc54e6b7c0005fb231505fe_JaffaCakes118

General

Target

8a3b3acb1dc54e6b7c0005fb231505fe_JaffaCakes118
Size

18KB
MD5

8a3b3acb1dc54e6b7c0005fb231505fe
SHA1

98e894a9112024e3c080a84c60004164dec3d3b2
SHA256

525d307c497feda8e81987e26b7051570accd7b1af9995dac80fd687dfc85e89
SHA512

d5986bb87315ea08623acf0c875ba9e7fdc61852683fc8c71a5ff3963845304fff0aceafacb8c1fa38e4b4f3042ad3ebc26bdb8556308eea85be9f1bf61a5d4d
SSDEEP

384:X5kimcnom/Q6v5UcygbGlKfIIvOKQURkmGvwVY2yWzzbdK:pkimcL5Uc7hvRQQGvwC2HnbdK

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
8a3b3acb1dc54e6b7c0005fb231505fe_JaffaCakes118

Files

8a3b3acb1dc54e6b7c0005fb231505fe_JaffaCakes118
.exe windows:5 windows x86 arch:x86

8f903e4a46bc5ca2740d6d9d90408494

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

c:\Users\Администратор\Documents\Visual Studio 2008\Projects\MTR\Test2\Release\mtrsurs.pdb

Imports

kernel32

CloseHandle
GetFileSize
GetFileAttributesA
DeleteFileA
Sleep
GlobalAlloc
GetCommandLineA
GetModuleFileNameA
GetLocalTime
CreateToolhelp32Snapshot
Process32First
lstrcmpiA
Process32Next
GetProcAddress
LoadLibraryA
GetModuleHandleA
WriteFile
WinExec
ExitProcess
OpenProcess
ReadProcessMemory
GetVersionExA
GetTickCount
GetComputerNameA
GlobalMemoryStatus
CopyFileA
GlobalFree
lstrlenA
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
SetFilePointer
CreateFileA
RtlUnwind

user32

ToAscii
MapVirtualKeyA
KillTimer
PostQuitMessage
DefWindowProcA
SendMessageA
FindWindowA
PostMessageA
RegisterClassA
CreateWindowExA
ShowWindow
SetTimer
GetMessageA
TranslateMessage
DispatchMessageA
GetKeyboardState
GetKeyState
GetAsyncKeyState
GetWindowTextA
GetForegroundWindow
GetSystemMetrics
EnumDisplayDevicesA
CharLowerBuffA
ActivateKeyboardLayout

advapi32

OpenServiceA
DeleteService

Sections

.text
Size: 14KB - Virtual size: 14KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.CRT
Size: 512B - Virtual size: 4B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

8f903e4a46bc5ca2740d6d9d90408494

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

user32

advapi32

Sections

.text Size: 14KB - Virtual size: 14KB

.data Size: 512B - Virtual size: 2KB

.CRT Size: 512B - Virtual size: 4B

.reloc Size: 1KB - Virtual size: 1KB

.text
Size: 14KB - Virtual size: 14KB

.data
Size: 512B - Virtual size: 2KB

.CRT
Size: 512B - Virtual size: 4B

.reloc
Size: 1KB - Virtual size: 1KB