aa44e52007a0d8eade096ee2be899c83_JaffaCakes118

General

Target

aa44e52007a0d8eade096ee2be899c83_JaffaCakes118
Size

80KB
MD5

aa44e52007a0d8eade096ee2be899c83
SHA1

be5f40d3ef4a3a66be9dab0f56af79db307e5e87
SHA256

9558a5e4cf489422b475759dc43938acb3844463ae12215b50eddee6ecb9d41a
SHA512

6c1e6cd1bbffdb786f257e1d3519eee8b1c9ceae976001a4a14a0e7d2ce18722bb6b2c68d7d70d971f522c7e206364ce0614d9d7ccc55f8c78883f223f959459
SSDEEP

1536:IMW8pxQIyx16/BJ1KHcC3aPzWYVhBsW3cY:IaQqGcLiYVcW3cY

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
aa44e52007a0d8eade096ee2be899c83_JaffaCakes118

Files

aa44e52007a0d8eade096ee2be899c83_JaffaCakes118
.exe windows:4 windows x86 arch:x86

aa9fc5c53b071a7db9695ec72c9e3fbc

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

PDB Paths

c:\My\Projects\XFilter\XRedirect\Release\XRedirect.pdb

Imports

kernel32

GetACP
GetLocaleInfoA
GetVersionExA
GetLastError
CloseHandle
CreateFileA
WriteFile
FreeResource
LockResource
SizeofResource
LoadResource
FindResourceA
DeleteFileA
GetSystemDirectoryA
Sleep
ExitProcess
GetModuleHandleA
GetStartupInfoA
GetCommandLineA
QueryPerformanceCounter
GetTickCount
GetCurrentThreadId
GetCurrentProcessId
GetSystemTimeAsFileTime
GetModuleFileNameA
GetProcAddress
TerminateProcess
GetCurrentProcess
GetStdHandle
UnhandledExceptionFilter
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStringsW
SetHandleCount
GetFileType
HeapDestroy
HeapCreate
VirtualFree
HeapFree
LoadLibraryA
GetOEMCP
GetCPInfo
HeapAlloc
VirtualAlloc
HeapReAlloc
RtlUnwind
HeapSize
LCMapStringA
MultiByteToWideChar
LCMapStringW
GetStringTypeA
GetStringTypeW
VirtualProtect
GetSystemInfo
VirtualQuery

Sections

.text
Size: 16KB - Virtual size: 15KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 8KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 48KB - Virtual size: 44KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

aa9fc5c53b071a7db9695ec72c9e3fbc

Headers

File Characteristics

PDB Paths

Imports

kernel32

Sections

.text Size: 16KB - Virtual size: 15KB

.rdata Size: 8KB - Virtual size: 4KB

.data Size: 4KB - Virtual size: 1KB

.rsrc Size: 48KB - Virtual size: 44KB

.text
Size: 16KB - Virtual size: 15KB

.rdata
Size: 8KB - Virtual size: 4KB

.data
Size: 4KB - Virtual size: 1KB

.rsrc
Size: 48KB - Virtual size: 44KB