8a9167de7de645e2674550dbdd98b45f_JaffaCakes118

General

Target

8a9167de7de645e2674550dbdd98b45f_JaffaCakes118
Size

124KB
MD5

8a9167de7de645e2674550dbdd98b45f
SHA1

4117a695a95f5b3d32dfae235792f75232279ab2
SHA256

2841b5ef9e7b8cfdfa60eb418ed28444bbd5b0fd0d9da6f93ba07de8369ab5dc
SHA512

044d4e725e5b542d0921f5ade7de9f9b644c97ef5cf8b1586ed75cbe8e9bddac9799dd7ff6a6fd61488ded93dd2ef78da41bcb62a40dd2e9e9fc1b2d5d726352
SSDEEP

1536:1H/wtnMW4AZzuaDuQC6Out+LJQRXFDZFUzPPBXvuAISNXw7PiXGhmEM7qV:etMW4AZ6aQbut+L+/ZSVGAIoCi2FEqV

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
8a9167de7de645e2674550dbdd98b45f_JaffaCakes118

Files

8a9167de7de645e2674550dbdd98b45f_JaffaCakes118
.exe windows:5 windows x86 arch:x86

0fa5212456aa19d1209a36774588c147

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

ntdll

RtlGetFrame
RtlPopFrame
DbgUserBreakPoint
RtlPushFrame

kernel32

WaitForSingleObjectEx
QueueUserAPC
lstrcmpiW
GetCurrentThread
CreateThread
CreateTimerQueue
CreateTimerQueueTimer
ResetEvent
LocalFree
QueryPerformanceCounter
GetTickCount
GetCurrentThreadId
GetCurrentProcessId
SearchPathW
GetSystemTimeAsFileTime
DeleteTimerQueueTimer
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetSystemDirectoryW
DeleteTimerQueueEx
LeaveCriticalSection
InitializeCriticalSectionAndSpinCount
DeleteCriticalSection
CreateEventW
SetEvent
InterlockedIncrement
Sleep
GetLastError
CreateProcessW
WaitForSingleObject
CloseHandle
InterlockedDecrement
ExpandEnvironmentStringsW
RemoveVectoredExceptionHandler
AddVectoredExceptionHandler
TerminateProcess
EnterCriticalSection
SleepEx
GetCurrentProcess

user32

UnregisterDeviceNotification
RegisterDeviceNotificationW

comctl32

ord17

advapi32

RegCloseKey
RegQueryValueExW
RegOpenKeyExW
GetTokenInformation
CreateWellKnownSid
LookupAccountSidW
OpenThreadToken
RegOpenKeyW

Sections

.text
Size: 120KB - Virtual size: 119KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1024B - Virtual size: 784B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

0fa5212456aa19d1209a36774588c147

Headers

DLL Characteristics

File Characteristics

Imports

ntdll

kernel32

user32

comctl32

advapi32

Sections

.text Size: 120KB - Virtual size: 119KB

.rdata Size: 2KB - Virtual size: 1KB

.rsrc Size: 1024B - Virtual size: 784B

.text
Size: 120KB - Virtual size: 119KB

.rdata
Size: 2KB - Virtual size: 1KB

.rsrc
Size: 1024B - Virtual size: 784B