93e44e0fe812d97452f487974034d340_JaffaCakes118

General

Target

93e44e0fe812d97452f487974034d340_JaffaCakes118
Size

36KB
MD5

93e44e0fe812d97452f487974034d340
SHA1

0036e3587f2456c05cfe53fab3a7969659976a7b
SHA256

17971627e130bd52aa58c8b9b1a91c61364d36f2bb29d4c5e090732a915f2732
SHA512

bfb3f8f484580aaec34f23644d983f3899b5b774f1b6654006dd568e592818b60f89885da47fe7413124c8ae27163f895447020cba8abe5480ba71cf4c9847a0
SSDEEP

768:q9iqlZu4aMwcWrkZKXshfN469R9B3DpWNsZSsp:q9iqlZu4aMwcWrkZKXshfNT9RZBSsp

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
93e44e0fe812d97452f487974034d340_JaffaCakes118

Files

93e44e0fe812d97452f487974034d340_JaffaCakes118
.exe windows:6 windows x86 arch:x86

93290a3bc62324e3bc5a88d31e05c78e

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

DDODiag.pdb

Imports

kernel32

GetLastError
GetTempPathW
InterlockedIncrement
ReadFile
WriteFile
SetFilePointerEx
GetFileSizeEx
CloseHandle
InterlockedDecrement
DuplicateHandle
GetCurrentProcess
CreateFileW
TerminateProcess
GetSystemTimeAsFileTime
GetCurrentProcessId
GetCurrentThreadId
GetTickCount
QueryPerformanceCounter
GetModuleHandleA
SetUnhandledExceptionFilter
InterlockedCompareExchange
Sleep
InterlockedExchange
UnhandledExceptionFilter

msvcrt

?terminate@@YAXXZ
_except_handler4_common
_amsg_exit
__set_app_type
_wcsicmp
??2@YAPAXI@Z
_vsnwprintf
memset
__wgetmainargs
_controlfp
_cexit
_exit
__p__commode
__p__fmode
??3@YAXPAX@Z
__setusermatherr
_initterm
exit
_XcptFilter

ole32

PropVariantClear
CoInitializeEx
CoUninitialize
CoTaskMemAlloc
CoTaskMemFree
CoCreateInstance
StringFromCLSID

xmllite

CreateXmlWriter

Sections

.text
Size: 27KB - Virtual size: 26KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 22KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

93290a3bc62324e3bc5a88d31e05c78e

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

msvcrt

ole32

xmllite

Sections

.text Size: 27KB - Virtual size: 26KB

.data Size: 4KB - Virtual size: 4KB

.rsrc Size: 2KB - Virtual size: 1KB

.reloc Size: 2KB - Virtual size: 22KB

.text
Size: 27KB - Virtual size: 26KB

.data
Size: 4KB - Virtual size: 4KB

.rsrc
Size: 2KB - Virtual size: 1KB

.reloc
Size: 2KB - Virtual size: 22KB