ac6444759ef64a6121c81b178ccba48d_JaffaCakes118

General

Target

ac6444759ef64a6121c81b178ccba48d_JaffaCakes118
Size

25KB
MD5

ac6444759ef64a6121c81b178ccba48d
SHA1

e2bf57c7d36f271390af1ee6b0acd4eb56dcefa5
SHA256

5ac26cc150363b7f7c067be6ae56f1904c146b33f0b07010ef0d54fe80db6289
SHA512

e71750e52d055a2209b818d0de1e280a69dde745973c8e58d3528a26d064bdc85abd2568eef58aa043ec279113ddd1cfc694ce584f9293da5607c5155c406e57
SSDEEP

384:vkYfDhtiLiwhm+7oFFaZtBIFF1ahvPbT9AHIa0iZ8kIt78yitrHNJrK7:7fDso0KUtByb8vPbTA18xFfitr3E

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
ac6444759ef64a6121c81b178ccba48d_JaffaCakes118

Files

ac6444759ef64a6121c81b178ccba48d_JaffaCakes118
.exe windows:4 windows x86 arch:x86

570074e0feb053b94496d3e2b5247f48

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

x:\dev\t0d0\lab\downloader lv1.3\code\downloaderinstaller\release\DownloaderInstaller.pdb

Imports

psapi

GetModuleFileNameExW
EnumProcesses

kernel32

GetModuleHandleW
GetWindowsDirectoryA
CreateFileW
lstrcmpiA
GetProcAddress
CreateFileMappingW
CloseHandle
QueueUserAPC
GlobalFree
OpenThread
LockResource
FreeResource
FindResourceW
LoadResource
GetCurrentProcess
lstrcmpiW
WriteFile
OpenProcess
UnmapViewOfFile
Thread32First
SizeofResource
Thread32Next
lstrlenW
GetTempPathW
CreateEventW
GetModuleHandleA
LoadLibraryExA
GetFileTime
GetWindowsDirectoryW
DeleteFileW
SetFileAttributesW
FreeLibrary
MoveFileExW
MapViewOfFile
SetFileTime
Sleep
GetModuleFileNameW
CreateToolhelp32Snapshot
GetStartupInfoA
Process32NextW
Process32FirstW
GlobalAlloc
WaitForSingleObject

user32

wsprintfW
SendMessageTimeoutW
MessageBoxA

advapi32

LookupPrivilegeValueW
RegQueryValueExW
RegCloseKey
OpenProcessToken
AdjustTokenPrivileges
RegSetValueExW
RegOpenKeyExW

shell32

ShellExecuteW

msvcrt

_wcsicmp
memset
_strrev
memcpy
_controlfp
??3@YAXPAX@Z
??2@YAPAXI@Z
_exit
_XcptFilter
exit
_acmdln
__getmainargs
_initterm
__setusermatherr
_adjust_fdiv
__p__commode
__p__fmode
__set_app_type
_except_handler3

Sections

.text
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 72B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 15KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

570074e0feb053b94496d3e2b5247f48

Headers

File Characteristics

PDB Paths

Imports

psapi

kernel32

user32

advapi32

shell32

msvcrt

Sections

.text Size: 5KB - Virtual size: 4KB

.rdata Size: 3KB - Virtual size: 3KB

.data Size: 512B - Virtual size: 72B

.rsrc Size: 15KB - Virtual size: 15KB

.text
Size: 5KB - Virtual size: 4KB

.rdata
Size: 3KB - Virtual size: 3KB

.data
Size: 512B - Virtual size: 72B

.rsrc
Size: 15KB - Virtual size: 15KB