8d71df4cd71954cf9c3aeccd9e3548ca_JaffaCakes118

General

Target

8d71df4cd71954cf9c3aeccd9e3548ca_JaffaCakes118
Size

156KB
MD5

8d71df4cd71954cf9c3aeccd9e3548ca
SHA1

2824cc9e22cab0fc894e6de1536ddc0a25122d1d
SHA256

06e43b0fc5daa6c3d699fc95b0ff6c1874585158ecda3c2d1e49b394eee23ebf
SHA512

e7b147a320535c97db7c6a1fae5447fbb306792b9007bfb28524cf103c33f06c8c8c0852ab14bd6179c2dce55d71edcc8b997b9589b1d90c1bf80d605eee0768
SSDEEP

3072:Fzal0K58C+KvQXhkMzvnHQtFL8veW1uBbIyC2wTWxXIlIk7:SwC/YRkWKueBw6xXuIk

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
8d71df4cd71954cf9c3aeccd9e3548ca_JaffaCakes118

Files

8d71df4cd71954cf9c3aeccd9e3548ca_JaffaCakes118
.exe windows:4 windows x86 arch:x86

dc998aac6791905a688a5ac3af4e19ac

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetCurrentProcess
GetLocalTime
WriteConsoleA
LCMapStringA
LoadLibraryA
GetOEMCP
lstrcmpA
GetCPInfo
GetStringTypeW
GetStringTypeA
MultiByteToWideChar
WriteFile
RtlUnwind
GetStartupInfoA
GetFileType
FileTimeToSystemTime
CreateEventA
RemoveDirectoryA
GetEnvironmentVariableA
GetShortPathNameA
CreateProcessA
GetACP
SetFileAttributesA
GetStdHandle
SetHandleCount
GetEnvironmentStringsW
GetEnvironmentStrings
WideCharToMultiByte
FreeEnvironmentStringsW
LCMapStringW
FreeEnvironmentStringsA
GetModuleFileNameA
HeapAlloc
GetCommandLineA
GetVersion
ExitProcess
GetProcAddress
GetModuleHandleA
HeapDestroy
HeapCreate
VirtualFree
HeapFree
VirtualAlloc
HeapReAlloc
TerminateProcess
UnhandledExceptionFilter

user32

GetMessageA
LoadIconW
RegisterClassExA
SetWindowsHookExA
SystemParametersInfoW
GetWindowTextLengthA
MapDialogRect
LoadImageA
CharToOemA
DrawIcon
ReleaseCapture

gdi32

TextOutA
SetViewportOrgEx
OffsetViewportOrgEx
SetViewportExtEx
ScaleViewportExtEx
ScaleWindowExtEx
RectVisible

ole32

StgCreateDocfile
CoInitialize
OleCreate
CoSuspendClassObjects
CoUninitialize

version

GetFileVersionInfoA
VerQueryValueA

Sections

.text
Size: 68KB - Virtual size: 64KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 76KB - Virtual size: 159KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

dc998aac6791905a688a5ac3af4e19ac

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

gdi32

ole32

version

Sections

.text Size: 68KB - Virtual size: 64KB

.data Size: 76KB - Virtual size: 159KB

.rsrc Size: 4KB - Virtual size: 1KB

.reloc Size: 4KB - Virtual size: 2KB

.text
Size: 68KB - Virtual size: 64KB

.data
Size: 76KB - Virtual size: 159KB

.rsrc
Size: 4KB - Virtual size: 1KB

.reloc
Size: 4KB - Virtual size: 2KB