a85d63acefa7a6fa639787e364c16892_JaffaCakes118

General

Target

a85d63acefa7a6fa639787e364c16892_JaffaCakes118
Size

164KB
MD5

a85d63acefa7a6fa639787e364c16892
SHA1

86ec32360c7ec9941b9411009de6aad0c83de46f
SHA256

d0b26b744a94a6dc22eba1b79089c4e1f45db18a68a9b02f58f017b94873dcb8
SHA512

fd12fbeab738358b47836badaf635511ea819fb5a35de4065b68d9b6f7e0f5eb443a7363164f32e8308701e78f2279c9c481038d09a2aa92a4ec184a91a2b9e8
SSDEEP

3072:oqMWJgnI94EEb+2e8wjOY75RVR9TR9glTPjKTO01Rp2qDOCX0DdNZtIOO:boISEs+18wjj75RVjTR9glz+TPp2qD/d

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
a85d63acefa7a6fa639787e364c16892_JaffaCakes118

Files

a85d63acefa7a6fa639787e364c16892_JaffaCakes118
.dll windows:4 windows x86 arch:x86

f41f5f0cdf77fafcb62fe9609833b07b

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

user32

CharUpperA
CharLowerA
LoadStringA

kernel32

GetModuleFileNameA
VirtualProtect
VirtualFree
VirtualQuery
GetSystemInfo
MultiByteToWideChar
LeaveCriticalSection
EnterCriticalSection
LCMapStringA
GetStringTypeA
GetUserDefaultLCID
GetVersionExA
LoadLibraryA
FreeLibrary
WideCharToMultiByte
GetStringTypeW
LCMapStringW
InitializeCriticalSection
DeleteCriticalSection
RtlUnwind
RaiseException
HeapFree
HeapReAlloc
HeapAlloc
GetCommandLineA
GetVersion
GetCurrentThreadId
TlsSetValue
TlsAlloc
TlsFree
SetLastError
TlsGetValue
GetLastError
ExitProcess
SetUnhandledExceptionFilter
GetModuleHandleA
GetEnvironmentVariableA
HeapDestroy
HeapCreate
VirtualAlloc
IsBadWritePtr
TerminateProcess
GetCurrentProcess
HeapSize
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
FreeEnvironmentStringsA
FreeEnvironmentStringsW
GetEnvironmentStrings
GetEnvironmentStringsW
WriteFile
IsBadReadPtr
IsBadCodePtr
GetCPInfo
GetACP
GetOEMCP
GetProcAddress
InterlockedDecrement
InterlockedIncrement

Exports

Exports

GetNewInf

Sections

.text
Size: 112KB - Virtual size: 110KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 12KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 24KB - Virtual size: 24KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 12KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

f41f5f0cdf77fafcb62fe9609833b07b

Headers

File Characteristics

Imports

user32

kernel32

Exports

Exports

Sections

.text Size: 112KB - Virtual size: 110KB

.rdata Size: 12KB - Virtual size: 10KB

.data Size: 24KB - Virtual size: 24KB

.reloc Size: 12KB - Virtual size: 9KB

.text
Size: 112KB - Virtual size: 110KB

.rdata
Size: 12KB - Virtual size: 10KB

.data
Size: 24KB - Virtual size: 24KB

.reloc
Size: 12KB - Virtual size: 9KB