94ce817990e4ba14a5591fb0ef7f7413_JaffaCakes118

General

Target

94ce817990e4ba14a5591fb0ef7f7413_JaffaCakes118
Size

204KB
MD5

94ce817990e4ba14a5591fb0ef7f7413
SHA1

a26850bffca7283f1c5f2c69eae8f6875d7d585e
SHA256

01026af87c9b3331fa1aaa2b73197dc009c199f2cd1949031a2c7cbded0013ee
SHA512

b98a784c2c940293087f4b770e12130a010a8af841d8408ef1eadcb3b7d4d6f98b18ec5502eaf10241c5b753213599423c0f581e24090e511762ad016f33ec87
SSDEEP

6144:45BBUfN/D6gqphVlSMY7kds93VBqas9YxK:8CegqphZY7kd2XqDP

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
94ce817990e4ba14a5591fb0ef7f7413_JaffaCakes118

Files

94ce817990e4ba14a5591fb0ef7f7413_JaffaCakes118
.exe windows:4 windows x86 arch:x86

cb5a46a4611e7adc847e641510f4a09c

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

ExpandEnvironmentStringsA
CloseHandle
Process32Next
Process32First
CreateToolhelp32Snapshot
GetModuleFileNameA
lstrcmpA
CreateThread
WinExec
Sleep
GetCurrentThreadId
HeapFree
DeleteFileA
SetLastError
lstrcmpiA
LockResource
MultiByteToWideChar
WideCharToMultiByte
ExitProcess
lstrcatA
LoadLibraryA
GetProcAddress
GetLastError
GetProcessHeap
HeapAlloc
GetModuleHandleA
SetUnhandledExceptionFilter

user32

ShowWindow
UpdateWindow
GetMessageA
CreateWindowExA
DispatchMessageA
DefWindowProcA
LoadCursorA
SetCursor
RegisterClassExA
TranslateMessage
LoadIconA

advapi32

GetFileSecurityA
GetSecurityDescriptorControl
RegQueryValueExA
RegDeleteValueA
RegDeleteKeyA
RegSetValueExA
RegCreateKeyExA
GetUserNameA
OpenSCManagerA
OpenServiceA

msvcrt

strchr
fclose
fwrite
fopen
??2@YAPAXI@Z
printf
strstr
??3@YAXPAX@Z
??1type_info@@UAE@XZ
_except_handler3
__CxxFrameHandler
_CxxThrowException

netapi32

NetApiBufferFree
NetUserGetLocalGroups

Sections

.text
Size: 12KB - Virtual size: 11KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 180KB - Virtual size: 177KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

cb5a46a4611e7adc847e641510f4a09c

Headers

File Characteristics

Imports

kernel32

user32

advapi32

msvcrt

netapi32

Sections

.text Size: 12KB - Virtual size: 11KB

.rdata Size: 4KB - Virtual size: 2KB

.data Size: 4KB - Virtual size: 1KB

.rsrc Size: 180KB - Virtual size: 177KB

.text
Size: 12KB - Virtual size: 11KB

.rdata
Size: 4KB - Virtual size: 2KB

.data
Size: 4KB - Virtual size: 1KB

.rsrc
Size: 180KB - Virtual size: 177KB