b52c42fb6713abfb1ec7183a279d8f84_JaffaCakes118

General

Target

b52c42fb6713abfb1ec7183a279d8f84_JaffaCakes118
Size

208KB
MD5

b52c42fb6713abfb1ec7183a279d8f84
SHA1

ccb4f030984ee6bd39162c635e9ebbf488463f90
SHA256

25eed3cb2d97717ad6701fe574905acecc971bf46c7a0c4b7168d0bb79fc0acc
SHA512

797d8a0e0fffa0541f275c913cd54436806e1b78bf0258060be7654634db7d60cb459bf8db53412ea62f42c8c1ca983a20240563a89add2f7df7f2b533bc344f
SSDEEP

3072:kb3Y3f59nZxoeo4xOS+SMonZOYhhMrIB6Qqtoia8GXihEouZgaG0EfWy8QRN:kb3SnboeoNSFUYhEYwULihEouZaR

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
b52c42fb6713abfb1ec7183a279d8f84_JaffaCakes118

Files

b52c42fb6713abfb1ec7183a279d8f84_JaffaCakes118
.dll windows:4 windows x86 arch:x86

45a00b15d1fbc889ec6e4b67524fe6a9

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GetProcAddress
GetModuleHandleW
GetCurrentProcess
lstrcpyW
lstrcatW
GetSystemWindowsDirectoryW
lstrlenW
GetStringTypeW
GetStringTypeA
LCMapStringW
LCMapStringA
MultiByteToWideChar
LoadLibraryA
HeapReAlloc
GetCommandLineA
GetVersion
ExitProcess
TerminateProcess
GetCurrentThreadId
TlsSetValue
TlsAlloc
TlsFree
TlsGetValue
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
DeleteCriticalSection
GetModuleFileNameA
FreeEnvironmentStringsA
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStrings
GetEnvironmentStringsW
HeapDestroy
HeapCreate
VirtualFree
HeapFree
WriteFile
InitializeCriticalSection
EnterCriticalSection
LeaveCriticalSection
HeapAlloc
GetCPInfo
GetACP
GetOEMCP
VirtualAlloc
RtlUnwind

ole32

CoUninitialize
CoCreateInstance
CoInitializeEx

oleaut32

SysAllocString
SysStringLen
SysFreeString

Exports

Exports

CAPT_AddFwExceptions
CAPT_AddFwExceptionsEx
CAPT_FwExceptionsIsEnabled
CAPT_FwExceptionsIsEnabledEx
CAPT_FwIsEnabled
CAPT_GetOsInfo
CAPT_RemoveFwExceptions
CAPT_RemoveFwExceptionsEx
IsWow64
MakePathToRPCS

Sections

.text
Size: 16KB - Virtual size: 13KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 176KB - Virtual size: 174KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

45a00b15d1fbc889ec6e4b67524fe6a9

Headers

File Characteristics

Imports

kernel32

ole32

oleaut32

Exports

Exports

Sections

.text Size: 16KB - Virtual size: 13KB

.rdata Size: 4KB - Virtual size: 2KB

.data Size: 176KB - Virtual size: 174KB

.rsrc Size: 4KB - Virtual size: 1KB

.reloc Size: 4KB - Virtual size: 1KB

.text
Size: 16KB - Virtual size: 13KB

.rdata
Size: 4KB - Virtual size: 2KB

.data
Size: 176KB - Virtual size: 174KB

.rsrc
Size: 4KB - Virtual size: 1KB

.reloc
Size: 4KB - Virtual size: 1KB