affad6a6c657608f7ac958e38bcecc02_JaffaCakes118

General

Target

affad6a6c657608f7ac958e38bcecc02_JaffaCakes118
Size

261KB
MD5

affad6a6c657608f7ac958e38bcecc02
SHA1

2d078abf6c184ad210d4a65028c81169082764aa
SHA256

af88f6d760aadb2386f20cc906940eadcd7f48df3ad444cd78e1ae6aa77ef1a5
SHA512

9e21ca5b297cbbb324a472bc9f92d6165344261faafceb2e6bec573a045a03d8f8b44019ad328dc5cb031a762417aa716fdd644ad779d652eae236b1d6f428bd
SSDEEP

3072:DkHJ32fINj+uSLiZWzANhiR3rpIdcEW6BExUm9EKUc/wdN6krLz1Xxek9Ao32niG:DPfWiFiZziR3r/EUU4EhzrLBXxzAo4p

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
affad6a6c657608f7ac958e38bcecc02_JaffaCakes118

Files

affad6a6c657608f7ac958e38bcecc02_JaffaCakes118
.exe windows:5 windows x86 arch:x86

edf29b1a70f81b3ee0c1c3dc89384535

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

LocalAlloc
SetPriorityClass
lstrlenA
GetModuleFileNameA
GlobalDeleteAtom
GetCPInfo
GetEnvironmentStrings
IsBadCodePtr
FileTimeToLocalFileTime
UnhandledExceptionFilter
GetSystemTime
GetUserDefaultLCID
GetProfileStringW
GetSystemTime
FindClose
LocalFree
LoadLibraryExA
GlobalAlloc
DeleteCriticalSection
GlobalGetAtomNameA
LCMapStringW
GetCommandLineW
GlobalUnlock
SetFilePointer
WaitForMultipleObjects
GlobalFree
IsDBCSLeadByteEx
OutputDebugStringW
WaitForSingleObject
GetProcAddress
TlsSetValue
Sleep
lstrlenW
MulDiv
InterlockedDecrement
GetCurrentThread
SearchPathW
GetTickCount
GetOEMCP
WideCharToMultiByte
GlobalLock
FlushFileBuffers
GlobalReAlloc
RaiseException
GetCurrentDirectoryW
GetLocaleInfoW
QueryPerformanceCounter
ExitProcess
IsValidCodePage
WriteFile
FileTimeToSystemTime
SetEvent
GetModuleFileNameW
Sleep
SetCurrentDirectoryW
SetHandleCount
FreeEnvironmentStringsW
HeapCreate
ResetEvent
lstrcpyA

ntdll

RtlFreeUnicodeString
RtlCompareUnicodeString
RtlAddAce
NtProtectVirtualMemory
RtlInitUnicodeString
NtQueryInformationProcess
NtReadFile
ZwSetEvent
ZwOpenMutant
NtSuspendThread
NtSetSystemInformation
RtlFillMemory

Sections

.text
Size: 162KB - Virtual size: 162KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 46KB - Virtual size: 46KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 52KB - Virtual size: 52KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

edf29b1a70f81b3ee0c1c3dc89384535

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

ntdll

Sections

.text Size: 162KB - Virtual size: 162KB

.data Size: 46KB - Virtual size: 46KB

.rsrc Size: 52KB - Virtual size: 52KB

.text
Size: 162KB - Virtual size: 162KB

.data
Size: 46KB - Virtual size: 46KB

.rsrc
Size: 52KB - Virtual size: 52KB