941d7e4b8e4b1d748e9882615d2d20ca_JaffaCakes118

General

Target

941d7e4b8e4b1d748e9882615d2d20ca_JaffaCakes118
Size

447KB
MD5

941d7e4b8e4b1d748e9882615d2d20ca
SHA1

2a9f3c5346ab6c8d35566a892da0d85c317c1591
SHA256

f48d1cac66fc906a2b30920d70b23a117655f399aa97906c12362a61cc77b710
SHA512

443f86b0d4a3212ec380a3bab1eb6ba1f93fcc8b1560c650ea8726fed30ea9585f0a11b326fe278d893e7b51adb45822a94f4b4f3adae3a0306d7cc30a04523a
SSDEEP

12288:WAxrsbjl1Qrc+Fn58qD0uVkSWr0q4bTLEcJTGR4i53S:Zxeg7D30IbWQTLEcJXK

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
941d7e4b8e4b1d748e9882615d2d20ca_JaffaCakes118

Files

941d7e4b8e4b1d748e9882615d2d20ca_JaffaCakes118
.exe windows:4 windows x86 arch:x86

3101896226f6b065e47bb78a00400022

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

ntdll

NtAllocateVirtualMemory

msvcrt

_adjust_fdiv
malloc
_initterm
free

mpr

WNetEnumResourceA

kernel32

DisableThreadLibraryCalls

rpcrt4

NdrDllUnregisterProxy
CStdStubBuffer_Connect
NdrDllCanUnloadNow
CStdStubBuffer_DebugServerQueryInterface
CStdStubBuffer_Disconnect
NdrDllRegisterProxy
CStdStubBuffer_CountRefs
NdrDllGetClassObject
NdrStubForwardingFunction
NdrOleAllocate
IUnknown_QueryInterface_Proxy
NdrStubCall2
CStdStubBuffer_Invoke
NdrOleFree
NdrCStdStubBuffer2_Release
CStdStubBuffer_AddRef
NdrCStdStubBuffer_Release
CStdStubBuffer_DebugServerRelease
CStdStubBuffer_QueryInterface
IUnknown_AddRef_Proxy
IUnknown_Release_Proxy
CStdStubBuffer_IsIIDSupported

Sections

.text
Size: 107KB - Virtual size: 106KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 83KB - Virtual size: 920KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 40KB - Virtual size: 40KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rdata
Size: 214KB - Virtual size: 214KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 20B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

3101896226f6b065e47bb78a00400022

Headers

File Characteristics

Imports

ntdll

msvcrt

mpr

kernel32

rpcrt4

Sections

.text Size: 107KB - Virtual size: 106KB

.data Size: 83KB - Virtual size: 920KB

.rsrc Size: 40KB - Virtual size: 40KB

.rdata Size: 214KB - Virtual size: 214KB

.reloc Size: 512B - Virtual size: 20B

.text
Size: 107KB - Virtual size: 106KB

.data
Size: 83KB - Virtual size: 920KB

.rsrc
Size: 40KB - Virtual size: 40KB

.rdata
Size: 214KB - Virtual size: 214KB

.reloc
Size: 512B - Virtual size: 20B