a02993dae4bd8409620d8df86ee97011_JaffaCakes118

General

Target

a02993dae4bd8409620d8df86ee97011_JaffaCakes118
Size

136KB
MD5

a02993dae4bd8409620d8df86ee97011
SHA1

9cfd47177b3ac525653422dedd51ee5c88a34ec8
SHA256

2d8ac4a79bb8db0eb98d27228ccb3e191412ccba184faac54b24c9aca55343f5
SHA512

9a7ba0162663011262f556c2c32cdba9868326cf11e1afc30565a6c99a6d66889028bc0222e3dc1569cc7b32d2a13d3bff66469df2cff46c9e077aa61c573abe
SSDEEP

3072:mxuyqXy81pVJviKpC7Q+NBa9/ngtU6fNzxT:RRP1NqvN49/ngU6RV

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
a02993dae4bd8409620d8df86ee97011_JaffaCakes118

Files

a02993dae4bd8409620d8df86ee97011_JaffaCakes118
.exe windows:5 windows x86 arch:x86

bb7153d2d9e3c43a71de41f7cc66e439

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

FreeLibrary
SetHandleInformation
GetVersionExA
lstrlenW
MoveFileA
Sleep
GetModuleFileNameA
GetShortPathNameA
WriteFile
GetSystemTimeAsFileTime
GetCurrentThreadId
SizeofResource
FindResourceA
GetProcAddress
lstrcpynA
GetTickCount
LoadLibraryExA
LeaveCriticalSection
lstrcatA
GetSystemDefaultLangID
EnterCriticalSection
CloseHandle
ExitProcess
VirtualQuery
MultiByteToWideChar
DeleteFileA
RaiseException
QueryPerformanceCounter
LockFileEx
ReadFile
lstrcmpiA
CreateFileA
WideCharToMultiByte
IsDBCSLeadByte
lstrlenA
GetCurrentProcessId
GetStartupInfoA
LockResource
GetLocaleInfoA
GetModuleHandleA
CreateProcessA
InitializeCriticalSection
InterlockedIncrement
CreatePipe
GetACP
SetFileAttributesA
GetThreadLocale
LoadResource
InterlockedExchange
GetSystemDirectoryA
OutputDebugStringA
GetLastError
DeleteCriticalSection
InterlockedDecrement

user32

MessageBoxA
LoadStringA
wsprintfA
CharNextA

advapi32

RegQueryValueExA
RegCloseKey
OpenProcessToken
RegOpenKeyExA
LookupPrivilegeValueA

version

VerQueryValueA
GetFileVersionInfoSizeA
GetFileVersionInfoA

Sections

.text
Size: 9KB - Virtual size: 8KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 5KB - Virtual size: 118KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.gdkg
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ

.edata
Size: 139KB - Virtual size: 263KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

bb7153d2d9e3c43a71de41f7cc66e439

Headers

File Characteristics

Imports

kernel32

user32

advapi32

version

Sections

.text Size: 9KB - Virtual size: 8KB

.data Size: 5KB - Virtual size: 118KB

.gdkg Size: 3KB - Virtual size: 3KB

.edata Size: 139KB - Virtual size: 263KB

.text
Size: 9KB - Virtual size: 8KB

.data
Size: 5KB - Virtual size: 118KB

.gdkg
Size: 3KB - Virtual size: 3KB

.edata
Size: 139KB - Virtual size: 263KB