a472e327358e923e7c3edfe9637966f9_JaffaCakes118

General

Target

a472e327358e923e7c3edfe9637966f9_JaffaCakes118
Size

375KB
MD5

a472e327358e923e7c3edfe9637966f9
SHA1

1a3756cfa4d1eb31a68528c678279c5a48849376
SHA256

13b4b45e737fe94cf46fd877983744d2cf7b36fe765ef92ce1ff6946f255d998
SHA512

0b7adbd8057d0957a98e0fd623cafde5646963efa7c0d703b28d4484e9c319ad66d82716edf43df33ad1f68694a9439739acca851604a6bc273afb61d981211d
SSDEEP

6144:UBObXUUb9JWIGcG3dLkKcGAI5wwsnuDxDMkdVZJX6beBjNxkGFKVmuXEEatmZpzU:lUUb9MIGJ3xk5GAI5ouFDMkPZMqBIGBH

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
a472e327358e923e7c3edfe9637966f9_JaffaCakes118

Files

a472e327358e923e7c3edfe9637966f9_JaffaCakes118
.exe windows:4 windows x86 arch:x86

a2d565a6e5cb8996c3c7d418c991f829

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetOEMCP
GetACP
FreeEnvironmentStringsW
EnterCriticalSection
RtlUnwind
SetLastError
DeleteCriticalSection
GetCurrentProcess
LCMapStringA
VirtualAlloc
WideCharToMultiByte
GetStringTypeW
HeapReAlloc
HeapCreate
GlobalAlloc
GetVersion
GetEnvironmentStringsW
InterlockedExchange
GetModuleFileNameA
GetLastError
SetHandleCount
ExitProcess
GetStdHandle
MultiByteToWideChar
TlsGetValue
LoadLibraryA
GetTickCount
GetSystemTimeAsFileTime
LCMapStringW
GetEnvironmentStrings
VirtualFree
QueryPerformanceCounter
GetCalendarInfoA
WriteFile
lstrcpynA
VirtualQuery
GetCurrentThreadId
GetCurrentThread
HeapAlloc
InitializeCriticalSection
HeapFree
OpenWaitableTimerA
TerminateProcess
GetCurrentProcessId
DeleteAtom
TlsAlloc
LeaveCriticalSection
AddAtomA
UnhandledExceptionFilter
GetCommandLineA
GetStringTypeA
TlsFree
GetFileType
GetProcAddress
HeapDestroy
WriteConsoleOutputA
FreeEnvironmentStringsA
GetModuleHandleA
ReadFile
GetStartupInfoA
GetCompressedFileSizeW
SetLocaleInfoA
IsBadWritePtr
SetVolumeLabelA
VirtualLock
GetCPInfo
TlsSetValue

shell32

ShellExecuteW
ExtractIconA
SHQueryRecycleBinW
ExtractIconW
RealShellExecuteA
DoEnvironmentSubstA
SheChangeDirExW
SHGetFileInfo
SHGetPathFromIDList
SHGetFileInfoW
SHGetFileInfoA

gdi32

CreateCompatibleBitmap
GetEnhMetaFileBits
GetNearestPaletteIndex
EnumICMProfilesA
GetBitmapBits
GetNearestColor
CloseFigure
AngleArc
GetDeviceGammaRamp
EndPath
SelectClipPath
PtInRegion
SetTextAlign
GdiPlayJournal
CreatePatternBrush
CreateDCW
SetDeviceGammaRamp
CreateDCA
GetStockObject
FixBrushOrgEx

Sections

.text
Size: 104KB - Virtual size: 104KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 266KB - Virtual size: 277KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

a2d565a6e5cb8996c3c7d418c991f829

Headers

File Characteristics

Imports

kernel32

shell32

gdi32

Sections

.text Size: 104KB - Virtual size: 104KB

.data Size: 266KB - Virtual size: 277KB

.rsrc Size: 3KB - Virtual size: 3KB

.text
Size: 104KB - Virtual size: 104KB

.data
Size: 266KB - Virtual size: 277KB

.rsrc
Size: 3KB - Virtual size: 3KB