a335e6fda2a10f9817e1d644d2c4f17d_JaffaCakes118

General

Target

a335e6fda2a10f9817e1d644d2c4f17d_JaffaCakes118
Size

271KB
MD5

a335e6fda2a10f9817e1d644d2c4f17d
SHA1

31e0b45205ff0d25f772160deb349286d845b8f2
SHA256

0dd5ed141a2bd9e97053163f418a554e26f784511af2823054cf711636f32221
SHA512

92055324ae5aaedc387c790ca5b25bde8f21682b5cb9b20f92101ca894abe15205dbb9e54df8b27283ffa111215c31c224a91bd84921054192d6033410e17e93
SSDEEP

6144:q4UvzM1mmYHKrezp4hbdRHEHjQEnY+DxnkegCc0DjLsvX:qjroJYqyz6dBTEnrQCc0b

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
a335e6fda2a10f9817e1d644d2c4f17d_JaffaCakes118

Files

a335e6fda2a10f9817e1d644d2c4f17d_JaffaCakes118
.exe windows:5 windows x86 arch:x86

db7160027f4fc6f7689a3e15148de353

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

ntdll

RtlCompareMemory
RtlExitUserThread
NtQuerySection
RtlFreeUnicodeString
RtlFillMemory
ZwSetEvent
RtlCreateTimer
RtlInitUnicodeString
NtReadFile
ZwQueryInformationThread
NtResumeThread
RtlCompareUnicodeString
NtProtectVirtualMemory
NtOpenEvent

kernel32

InterlockedDecrement
FreeEnvironmentStringsW
CreateProcessW
GetCurrentThread
GetCommandLineA
GetLocaleInfoA
InitializeCriticalSection
HeapFree
EnterCriticalSection
GetDriveTypeA
lstrcmpW
GetFileType
SetPriorityClass
GetSystemTimeAsFileTime
GetLocalTime
GetCurrentDirectoryA
GetSystemTime
GetSystemDefaultLCID
GlobalUnlock
SetEvent
GetEnvironmentStrings
lstrcpyA
VirtualAlloc
GetFileAttributesW
SystemTimeToFileTime
GetModuleFileNameW
SetFilePointer
GlobalSize
Sleep
SetFileAttributesW
lstrcmpiA
CreateFileA
ResetEvent
IsDBCSLeadByteEx
GlobalGetAtomNameA
CreateProcessA
GetModuleFileNameA
SetCurrentDirectoryW
GetLocaleInfoW
SetCurrentDirectoryA
CloseHandle
SearchPathA
GetTickCount
GetEnvironmentStringsW

advapi32

RegCloseKey
GetUserNameA
RegEnumKeyExW
RegQueryValueExW
RegSetValueExA
CryptCreateHash
AllocateAndInitializeSid
CryptDeriveKey
RegDeleteKeyA
DeregisterEventSource
CryptEncrypt
RegQueryValueExA

Sections

.text
Size: 204KB - Virtual size: 204KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 61KB - Virtual size: 60KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 5KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

db7160027f4fc6f7689a3e15148de353

Headers

DLL Characteristics

File Characteristics

Imports

ntdll

kernel32

advapi32

Sections

.text Size: 204KB - Virtual size: 204KB

.data Size: 61KB - Virtual size: 60KB

.rsrc Size: 5KB - Virtual size: 8KB

.text
Size: 204KB - Virtual size: 204KB

.data
Size: 61KB - Virtual size: 60KB

.rsrc
Size: 5KB - Virtual size: 8KB