ab838bccd44cbed0d3abc48e13e1bf60_JaffaCakes118

General

Target

ab838bccd44cbed0d3abc48e13e1bf60_JaffaCakes118
Size

395KB
MD5

ab838bccd44cbed0d3abc48e13e1bf60
SHA1

31dd101907d88b268c181d76789a88ee5b05081e
SHA256

15235138e27cfdbcecefd8336f316fcdbae0b97aeaf6f559254a3976abc887eb
SHA512

0372250b91e5ec7f86923ce5d7191a74131859585c1d16d2c69fe60bdde43e22be6ab34bb6523de78d191e871aea34e3ff0c3be159fbc76007dbb4027545f8d6
SSDEEP

12288:69BT6iPrVxQV1OAigdQymQf8VfpE6baJY3RFD:qT6K0JiDyIVBbAYBFD

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
ab838bccd44cbed0d3abc48e13e1bf60_JaffaCakes118

Files

ab838bccd44cbed0d3abc48e13e1bf60_JaffaCakes118
.exe windows:5 windows x86 arch:x86

dcebe17e9be7484f2708124eb017d6d6

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

VirtualAlloc
Sleep
VirtualFree
ExitProcess
GetTickCount
CreateThread
WaitForSingleObject
GetStringTypeW
MultiByteToWideChar
LCMapStringW
WideCharToMultiByte
HeapReAlloc
IsValidCodePage
GetOEMCP
GetACP
GetCommandLineW
HeapSetInformation
GetStartupInfoW
HeapAlloc
GetLastError
HeapFree
EncodePointer
DecodePointer
RaiseException
SetUnhandledExceptionFilter
GetProcAddress
GetModuleHandleW
WriteFile
GetStdHandle
GetModuleFileNameW
FreeEnvironmentStringsW
GetEnvironmentStringsW
SetHandleCount
InitializeCriticalSectionAndSpinCount
GetFileType
DeleteCriticalSection
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
InterlockedIncrement
SetLastError
GetCurrentThreadId
InterlockedDecrement
HeapCreate
QueryPerformanceCounter
GetCurrentProcessId
GetSystemTimeAsFileTime
IsProcessorFeaturePresent
HeapSize
LeaveCriticalSection
EnterCriticalSection
UnhandledExceptionFilter
IsDebuggerPresent
TerminateProcess
GetCurrentProcess
LoadLibraryW
GetCPInfo

user32

GetTopWindow
DispatchMessageW
TranslateMessage
GetMessageW
CreateWindowExW
RegisterClassExW
DefWindowProcW
RegisterRawInputDevices

ntdll

RtlUnwind

Sections

.text
Size: 29KB - Virtual size: 28KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 360KB - Virtual size: 360KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

dcebe17e9be7484f2708124eb017d6d6

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

ntdll

Sections

.text Size: 29KB - Virtual size: 28KB

.data Size: 360KB - Virtual size: 360KB

.rsrc Size: 4KB - Virtual size: 4KB

.text
Size: 29KB - Virtual size: 28KB

.data
Size: 360KB - Virtual size: 360KB

.rsrc
Size: 4KB - Virtual size: 4KB