a8a7d0fa4031f77dc7ac1cbce6a407f5_JaffaCakes118

General

Target

a8a7d0fa4031f77dc7ac1cbce6a407f5_JaffaCakes118
Size

44KB
MD5

a8a7d0fa4031f77dc7ac1cbce6a407f5
SHA1

769ec45c64f4d4d658156dd098a40f48e0285002
SHA256

2f2e952e69a18e5b6d19e111f11ec18b1ea7cebca06f36a5e2dc617fb19ed67e
SHA512

97b15e37b3ced83862b3c4bd1c4b8b9565fb8b07be0bd3f5e1fb40eaf267af3c0a607f1b4eac8cbaad11d3f30375324d9531fb8aa5ccc5f3d1c0b72873c3d0c2
SSDEEP

768:wNr2KL74OvsVz/TOKMkwin6xTq848BMefu6Kz9rZEW35TDDsXiAD/h:wNr2K/4tOKMk52Tn48Gempz9t7XA7h

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
a8a7d0fa4031f77dc7ac1cbce6a407f5_JaffaCakes118

Files

a8a7d0fa4031f77dc7ac1cbce6a407f5_JaffaCakes118
.exe windows:4 windows x86 arch:x86

d0deb4a9ba8e25d6ac275e9253e583ee

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

WriteProcessMemory
VirtualAllocEx
OpenProcess
lstrlenA
WinExec
lstrcatA
GetSystemDirectoryA
CopyFileA
GetLongPathNameA
Sleep
GetModuleFileNameA
GetExitCodeProcess
CloseHandle
GetCurrentProcess
GetModuleHandleA
GetFileTime
CreateFileA
ResumeThread
CreateProcessA
SetThreadPriority
GetCurrentThread
SetPriorityClass
lstrcpyA
GetEnvironmentVariableA
GetShortPathNameA
TerminateProcess
GetCurrentProcessId
GetProcAddress
CreateRemoteThread
FindResourceA
SizeofResource
FreeResource
LoadResource
LockResource
SetFileTime
GetStartupInfoA

advapi32

LookupPrivilegeValueA
RegDeleteValueA
OpenProcessToken
AdjustTokenPrivileges
RegCreateKeyA
RegSetValueExA
RegCloseKey

shell32

SHGetSpecialFolderPathA

msvcrt

__getmainargs
fclose
fwrite
fopen
strlen
_except_handler3
sprintf
free
fread
malloc
strcmp
strcat
strstr
exit
_exit
_XcptFilter
_acmdln
_stricmp
_initterm
__setusermatherr
_adjust_fdiv
__p__commode
__p__fmode
__set_app_type
_controlfp
_strlwr

psapi

EnumProcesses
GetModuleFileNameExA
EnumProcessModules

Sections

.text
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 32KB - Virtual size: 32KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

d0deb4a9ba8e25d6ac275e9253e583ee

Headers

File Characteristics

Imports

kernel32

advapi32

shell32

msvcrt

psapi

Sections

.text Size: 5KB - Virtual size: 4KB

.rdata Size: 2KB - Virtual size: 1KB

.data Size: 1KB - Virtual size: 1KB

.rsrc Size: 32KB - Virtual size: 32KB

.text
Size: 5KB - Virtual size: 4KB

.rdata
Size: 2KB - Virtual size: 1KB

.data
Size: 1KB - Virtual size: 1KB

.rsrc
Size: 32KB - Virtual size: 32KB