a59d1f867e47909501a50e1ce39e850b_JaffaCakes118

General

Target

a59d1f867e47909501a50e1ce39e850b_JaffaCakes118
Size

552KB
MD5

a59d1f867e47909501a50e1ce39e850b
SHA1

694f9507559a0288ca784af145134018dbcff550
SHA256

4386501da733b2c36efd0e3931e33b36065df4d136cc1edf09e31c4d8178580c
SHA512

3a02152d40b928bec33376c59a0feb675f8af651b24a18b9f19e9d4630a0a29093a16f6516d9bc028f6ba79dc0ab281eca66473bd459eccdea391bce71fa2901
SSDEEP

12288:RQCjvznbPGbWF41DA4iiFVvES/XFjvzWP8fZbQmyXtIq:CCnCo4DLZv9HW0RbQmJq

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
a59d1f867e47909501a50e1ce39e850b_JaffaCakes118

Files

a59d1f867e47909501a50e1ce39e850b_JaffaCakes118
.exe windows:4 windows x86 arch:x86

b132e9a5eb8fcc8688f4ef585750143f

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

LeaveCriticalSection
SetLastError
GetCurrentThreadId
FormatMessageA
InterlockedDecrement
FindClose
CreateEventA
FindResourceA
CreateThread
InitializeCriticalSection
GetTimeZoneInformation
TerminateProcess
HeapReAlloc
MulDiv
ReadFile
SetFilePointer
MapViewOfFile
WideCharToMultiByte
SetStdHandle
GetProcessHeap
InterlockedCompareExchange
GetProcAddress
GetCommandLineA
HeapSize
UnhandledExceptionFilter
GetCPInfo
GetCurrentProcessId
GetLocaleInfoA
GetEnvironmentStrings
GetCurrentProcess
LoadLibraryA
SetEvent
WaitForSingleObject
GlobalFree
LoadLibraryW
ReleaseMutex
GetLastError
VirtualAlloc
HeapAlloc
ExitProcess
lstrlenA
GetModuleHandleA
GetStartupInfoA
GetVersion
GetModuleFileNameA
FreeEnvironmentStringsA
FreeEnvironmentStringsW
GetEnvironmentStringsW
SetHandleCount
GetStdHandle
GetFileType
TlsSetValue
TlsAlloc
TlsGetValue
GetEnvironmentVariableA
GetVersionExA
HeapDestroy
HeapCreate
VirtualFree
HeapFree
RtlUnwind
WriteFile
EnterCriticalSection
GetACP
GetOEMCP
MultiByteToWideChar
LCMapStringA
LCMapStringW
GetStringTypeA
GetStringTypeW
InterlockedIncrement

user32

DestroyWindow
SetForegroundWindow
EnableWindow
GetFocus
TrackPopupMenu
CreateWindowExA
GetWindowLongA
InvalidateRect
RegisterClassA
GetWindow
GetClientRect
SendMessageA
GetDC
GetSysColor
TranslateMessage
PeekMessageA
ScreenToClient
GetWindowRect
IsWindow
ShowWindow
DefWindowProcA
BeginPaint
ReleaseDC
GetMessageA

Sections

.text
Size: 24KB - Virtual size: 23KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

geiaa
Size: 464KB - Virtual size: 463KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

yeaqe
Size: 16KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

ecoskiu
Size: 44KB - Virtual size: 40KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

b132e9a5eb8fcc8688f4ef585750143f

Headers

File Characteristics

Imports

kernel32

user32

Sections

.text Size: 24KB - Virtual size: 23KB

geiaa Size: 464KB - Virtual size: 463KB

yeaqe Size: 16KB - Virtual size: 17KB

ecoskiu Size: 44KB - Virtual size: 40KB

.text
Size: 24KB - Virtual size: 23KB

geiaa
Size: 464KB - Virtual size: 463KB

yeaqe
Size: 16KB - Virtual size: 17KB

ecoskiu
Size: 44KB - Virtual size: 40KB