ab7dce709152796a189bf86bf5b2fda4_JaffaCakes118

General

Target

ab7dce709152796a189bf86bf5b2fda4_JaffaCakes118
Size

1.3MB
MD5

ab7dce709152796a189bf86bf5b2fda4
SHA1

8a380475fdf55f2c4d5d86c16d913bed6144bac5
SHA256

724260ed4b40613fad42bd2ae3870c8b088ab5491910c5a7cc347fb2cf4abdc2
SHA512

0e2b778d68ff4121267baa763c64c0c19a7eb69cffbc4cd9dda05880262b52c8bc151fa9c100d8e626d6b89eddd6b200a0fe8a9baa751d20514ac2f271214bca
SSDEEP

24576:ygsd9wik0acJXO2R+y3pk5bjGG7L2vsXTDfpF+ncaUpCZI7shYy5:VVchO2R+y3GBaKZXTDr+XUpCZI7s15

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
ab7dce709152796a189bf86bf5b2fda4_JaffaCakes118

Files

ab7dce709152796a189bf86bf5b2fda4_JaffaCakes118
.exe windows:4 windows x86 arch:x86

8f23453380677cefe513bfb7335f0452

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

FindFirstFileA
lstrlenA
lstrcpyA
GetWindowsDirectoryA
FindClose
lstrcatA
RemoveDirectoryA
FindNextFileA
lstrcmpA
SetFileTime
_lread
DosDateTimeToFileTime
_lcreat
LoadLibraryA
GetProcAddress
FreeLibrary
GetVersionExA
GetLastError
GetCurrentProcess
_llseek
GetModuleFileNameA
_lopen
DeleteFileA
LocalFileTimeToFileTime
FileTimeToLocalFileTime
UnhandledExceptionFilter
FreeEnvironmentStringsA
HeapReAlloc
_hread
_hwrite
CreateDirectoryA
GetTimeZoneInformation
GetSystemTime
GetLocalTime
FileTimeToSystemTime
_lclose
GetDriveTypeA
GetModuleHandleA
GetStartupInfoA
GetCommandLineA
GetVersion
ExitProcess
GetCPInfo
GetACP
GetOEMCP
WideCharToMultiByte
TerminateProcess
GetFullPathNameA
GetCurrentDirectoryA
RtlUnwind
HeapFree
FreeEnvironmentStringsW
GetEnvironmentStrings
GetEnvironmentStringsW
SetHandleCount
GetStdHandle
GetFileType
HeapDestroy
HeapCreate
VirtualFree
SetEnvironmentVariableA
VirtualAlloc
WriteFile
HeapAlloc
MultiByteToWideChar
LCMapStringA
LCMapStringW
GetStringTypeA
GetStringTypeW
CompareStringA
CompareStringW

user32

LoadIconA
wsprintfA
ExitWindowsEx
MessageBoxA

advapi32

LookupPrivilegeValueA
OpenProcessToken
AdjustTokenPrivileges

Sections

.text
Size: 44KB - Virtual size: 42KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 4KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 76KB - Virtual size: 76KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

8f23453380677cefe513bfb7335f0452

Headers

File Characteristics

Imports

kernel32

user32

advapi32

Sections

.text Size: 44KB - Virtual size: 42KB

.rdata Size: 4KB - Virtual size: 3KB

.data Size: 4KB - Virtual size: 6KB

.rsrc Size: 76KB - Virtual size: 76KB

.text
Size: 44KB - Virtual size: 42KB

.rdata
Size: 4KB - Virtual size: 3KB

.data
Size: 4KB - Virtual size: 6KB

.rsrc
Size: 76KB - Virtual size: 76KB