a6f5f8cacc58edb6a5f7306b32145792_JaffaCakes118

General

Target

a6f5f8cacc58edb6a5f7306b32145792_JaffaCakes118
Size

202KB
MD5

a6f5f8cacc58edb6a5f7306b32145792
SHA1

b68a5a8d97a28905e1a465b9aae9b677b3cbb77a
SHA256

538201926883bd13c91720d8ef4bdf7d96257f9b11741db1b700e25f933c3d3e
SHA512

18b10a69782c86ef847c980bd0b5a5959e1392ff5d192994df361ec3cb67813fddfb09c0532ed9495a0b169938854542e092c88a8dc29e0102854d06d5c4fdf5
SSDEEP

6144:3NMz2UuEG2/nNaZCgOAaIsbhLu9iwUe/N:dfUD/NaYByVAA

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
a6f5f8cacc58edb6a5f7306b32145792_JaffaCakes118

Files

a6f5f8cacc58edb6a5f7306b32145792_JaffaCakes118
.exe windows:5 windows x86 arch:x86

3113df001dd2130ff530f1970db578ef

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED

Imports

ntdll

NtQueryDirectoryFile
ZwQueryInformationThread
NtQueryDirectoryObject
NtQueryEaFile
NtOpenEventPair
NtMapViewOfSection
NtCancelTimer
NtCreateSection

dmlohtml

_Eps
_LSinh
_LInf
_FCosh
_Sinh
_FInf
_LDenorm
_Dtest
_Dscale
_Stold

user32

MapWindowPoints
DrawTextA
WindowFromPoint
IsWindow
MessageBoxW
GetClassNameW
GetMonitorInfoW
RegisterWindowMessageW
PtInRect
CloseClipboard
ReleaseDC
IsWindowUnicode
RedrawWindow
DialogBoxParamW
GetDC
GetMenuItemID
RegisterClipboardFormatW
LoadImageW
LockWindowUpdate
CharUpperW
GetMessagePos
GetClipboardData
OpenClipboard
SetForegroundWindow
SetWindowLongW
LoadBitmapW
DestroyWindow
FrameRect
MapDialogRect
GetWindowThreadProcessId
EndDialog
LoadIconW
GetWindowTextW
MessageBeep
DefWindowProcW
GetSysColorBrush

kernel32

InterlockedIncrement
OutputDebugStringA
GetCurrentProcessId
SleepEx
FormatMessageW
HeapAlloc
GetModuleHandleA
HeapReAlloc
GetPriorityClass
ExitProcess
DeleteCriticalSection
lstrlenW
InterlockedDecrement
FlushInstructionCache
GetLocaleInfoW
GetCurrentProcessId
WaitForSingleObject
MulDiv
ExpandEnvironmentStringsW
GetUserDefaultLCID
VirtualAlloc
FindNextVolumeW
CloseHandle
HeapFree
GetVolumePathNamesForVolumeNameW
FreeLibrary
EnterCriticalSection
GetCurrentProcess

Sections

.text
Size: 20KB - Virtual size: 20KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 45KB - Virtual size: 44KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 135KB - Virtual size: 136KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

3113df001dd2130ff530f1970db578ef

Headers

DLL Characteristics

File Characteristics

Imports

ntdll

dmlohtml

user32

kernel32

Sections

.text Size: 20KB - Virtual size: 20KB

.data Size: 45KB - Virtual size: 44KB

.rsrc Size: 135KB - Virtual size: 136KB

.text
Size: 20KB - Virtual size: 20KB

.data
Size: 45KB - Virtual size: 44KB

.rsrc
Size: 135KB - Virtual size: 136KB