add7e7624fb8e6a6edfb8cf0fea4dad7_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

add7e7624fb8e6a6edfb8cf0fea4dad7_JaffaCakes118
Size

855KB
MD5

add7e7624fb8e6a6edfb8cf0fea4dad7
SHA1

42e2baf933e0c138bee510d95236839b1ef55a77
SHA256

967895aa395f0f4f06224f1cfbfa6eccd13a38669303e4a44fed8f8f642c832d
SHA512

3f38c0f68483ec2b1ec52fd4cc6c665d6a7d282fab47578f9c8dff9e19a7786d7359a113df0644dcd45677bcfbf413f12cfd620f14ae78d43ed8725beaecc887
SSDEEP

24576:pQ4GXw7ObzfkjCmx4HLqtdgdfIBEMo61:O3DvsZxULqEdAEMo6

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
add7e7624fb8e6a6edfb8cf0fea4dad7_JaffaCakes118

Files

add7e7624fb8e6a6edfb8cf0fea4dad7_JaffaCakes118
.exe windows:5 windows x86 arch:x86

84f2b19cb07257fd96310a9133b84b3a

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetDiskFreeSpaceA
DeleteCriticalSection
GetFullPathNameW
VirtualAlloc
GetEnvironmentVariableA
RemoveDirectoryA
GetEnvironmentStringsW
LockFile
EnterCriticalSection
GetCurrentThreadId
GetCPInfo
OpenEventW
GetStringTypeW
SetThreadPriority
LoadLibraryA
OpenProcess
GlobalMemoryStatus
CreateFileA
SetUnhandledExceptionFilter
WaitForMultipleObjects
GetStartupInfoW
Sleep
GetProcAddress
CreateFileMappingA
MoveFileA
GetProcessHeap
QueryPerformanceFrequency
UnhandledExceptionFilter
lstrcatA
WriteFile
GlobalSize
UnlockFile
LeaveCriticalSection
IsDBCSLeadByte
GetModuleHandleA
SetFileTime
GetShortPathNameA
GetPrivateProfileStringA
lstrcmpA
CompareStringW
GetDateFormatW
QueryPerformanceCounter
FlushFileBuffers
SetHandleCount
HeapFree
DeleteFileA
CreateSemaphoreW
IsBadCodePtr
CompareFileTime
lstrcpyA

advapi32

OpenThreadToken
IsValidSid
InitializeAcl
RevertToSelf
AllocateAndInitializeSid
RegSetValueExW

gdi32

SetMapMode
GetDIBits
GetDeviceCaps
SelectPalette
StretchDIBits
RealizePalette
LPtoDP
CreateBitmap
SetViewportExtEx
SelectObject
RestoreDC

msvcrt

exit
__set_app_type
__p__commode
__getmainargs

Sections

.text
Size: 149KB - Virtual size: 148KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 239KB - Virtual size: 239KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 462KB - Virtual size: 1.9MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

84f2b19cb07257fd96310a9133b84b3a

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

advapi32

gdi32

msvcrt

Sections

.text Size: 149KB - Virtual size: 148KB

.rdata Size: 239KB - Virtual size: 239KB

.data Size: 462KB - Virtual size: 1.9MB

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 1KB - Virtual size: 1KB

.text
Size: 149KB - Virtual size: 148KB

.rdata
Size: 239KB - Virtual size: 239KB

.data
Size: 462KB - Virtual size: 1.9MB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 1KB - Virtual size: 1KB