a04f703f55129517b68bbbdb62171784_JaffaCakes118

General

Target

a04f703f55129517b68bbbdb62171784_JaffaCakes118
Size

522KB
MD5

a04f703f55129517b68bbbdb62171784
SHA1

393eea803640a5289c013f3f6e12d5d389d1ca3c
SHA256

f4eab1dc8dff6bfdf00fb2f775a5f9d152e4b9d73b2258e9906df3e38431bb4e
SHA512

d47f8095014623d3a40bad937a4a9d63613184c5541afb623903f54e5b2d4e7cb05d498b049beae500a0cbca0b4e7e1c778d719f816545c5dde6726a98ac53f0
SSDEEP

12288:An9i2Ow4q0QOcnEBzwbQgGw32FQ2SnucWJZG5bGa:An9i2Ow4PQOLBkFR3uF+uvZGV

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
a04f703f55129517b68bbbdb62171784_JaffaCakes118

Files

a04f703f55129517b68bbbdb62171784_JaffaCakes118
.exe windows:4 windows x86 arch:x86

71e928a0aa3be557c8dac61d6070e81c

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

CompareStringW
UnhandledExceptionFilter
ReadFile
LCMapStringA
EnterCriticalSection
LoadLibraryA
GetOEMCP
SetEnvironmentVariableA
RtlUnwind
HeapCreate
CompareStringA
DeleteCriticalSection
GetCurrentThreadId
FlushFileBuffers
InitializeCriticalSection
GetCurrentProcess
FreeEnvironmentStringsW
WideCharToMultiByte
GetCalendarInfoA
GetEnvironmentStrings
SetHandleCount
GetTimeZoneInformation
GetTickCount
GetLastError
TlsSetValue
CreateMutexA
QueryPerformanceCounter
VirtualFree
GetACP
LCMapStringW
GetVersion
LeaveCriticalSection
GetCPInfo
HeapAlloc
HeapFree
MultiByteToWideChar
VirtualAlloc
GetSystemTimeAsFileTime
VirtualQuery
GetEnvironmentStringsW
GetCurrentThread
TlsGetValue
ExitProcess
GetStringTypeA
FreeEnvironmentStringsA
GetProcAddress
ReadConsoleInputW
GetStartupInfoA
GetStdHandle
HeapDestroy
InterlockedExchange
TerminateProcess
GetModuleHandleA
CloseHandle
IsBadWritePtr
GetLocalTime
SetFilePointer
TlsAlloc
OpenMutexA
SetLastError
GetFileType
InterlockedDecrement
TlsFree
WriteFile
GetModuleFileNameA
GetSystemTime
SetStdHandle
GetCommandLineA
GetCurrentProcessId
InterlockedIncrement
GetStringTypeW
HeapReAlloc

user32

RegisterClassExA
SetRectEmpty
RegisterClassA
DefMDIChildProcA
LoadBitmapW
SetKeyboardState
WindowFromDC

comctl32

InitCommonControlsEx

Sections

.text
Size: 191KB - Virtual size: 191KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 3KB - Virtual size: 19KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 314KB - Virtual size: 313KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 12KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

71e928a0aa3be557c8dac61d6070e81c

Headers

File Characteristics

Imports

kernel32

user32

comctl32

Sections

.text Size: 191KB - Virtual size: 191KB

.rdata Size: 3KB - Virtual size: 19KB

.data Size: 314KB - Virtual size: 313KB

.rsrc Size: 12KB - Virtual size: 11KB

.text
Size: 191KB - Virtual size: 191KB

.rdata
Size: 3KB - Virtual size: 19KB

.data
Size: 314KB - Virtual size: 313KB

.rsrc
Size: 12KB - Virtual size: 11KB