b363567c23bb2855a9e22803d22d0cf7_JaffaCakes118

General

Target

b363567c23bb2855a9e22803d22d0cf7_JaffaCakes118
Size

551KB
MD5

b363567c23bb2855a9e22803d22d0cf7
SHA1

42ee67b02a2e43a4bda95fee64a38d9d26b5e710
SHA256

abbb11d1c5ca9445cca025cddd614d71730f2a2fcc001be5bd48f6a2785f3217
SHA512

891e2405c391fbcbd48968858847937bb20c206a0c548aac98b6c9f91a3b9b143338338ebfb45a2a8babda977d628f4d8e24fc0be137f3588e47a1dfe01f708d
SSDEEP

12288:fGQdZM82l/xYd63IltOzzSZO9Af1QDhLPAH/gKlv7HD2jXlnBHZa:OQdS84Yd63Iezp9aES5TKDlBHZ

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
b363567c23bb2855a9e22803d22d0cf7_JaffaCakes118

Files

b363567c23bb2855a9e22803d22d0cf7_JaffaCakes118
.exe windows:4 windows x86 arch:x86

3cf31b27b0cc22afc6b823c48947f8b3

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

crtdll

wcstombs
longjmp
isalnum
_umask
_loaddll
_itoa
_getw
_finite
_exit
_chmod
_CItanh

version

GetFileVersionInfoSizeA
GetFileVersionInfoA
VerQueryValueA

rpcrt4

tree_peek_ndr
long_from_ndr_temp
double_array_from_ndr
RpcSsAllocate
RpcServerUseProtseqExA
RpcServerUseAllProtseqs
RpcMgmtIsServerListening
RpcMgmtEnableIdleCleanup
RpcCancelThread
RpcBindingInqAuthClientExA
MesEncodeIncrementalHandleCreate
MIDL_wchar_strlen
CStdStubBuffer_CountRefs

ntdll

RtlCreateTagHeap
RtlCreateUnicodeString
RtlEqualSid
RtlCharToInteger
RtlFreeUnicodeString
RtlLeaveCriticalSection
RtlLockHeap
RtlNtStatusToDosError
RtlQueryRegistryValues
RtlUnwind
_wcsicmp
memmove
strstr
wcscat
NtUnmapViewOfSection
NtTerminateThread
NtSetValueKey
NtQueryValueKey
NtQueryInstallUILanguage
NtQueryInformationProcess
NtQueryDefaultLocale
NtOpenThreadToken
NtOpenSymbolicLinkObject
NtNotifyChangeKey
NtCreateSemaphore
NtClose
RtlExpandEnvironmentStrings_U

kernel32

EnterCriticalSection
EnumResourceLanguagesW
EnumResourceNamesA
ExitProcess
ExitThread
FlushFileBuffers
GetACP
GetCommandLineA
GetLastError
GetLocalTime
GetModuleHandleA
lstrlenA
lstrcpynA
lstrcmpA
lstrcatA
VirtualFree
VirtualAlloc
TlsAlloc
SetUnhandledExceptionFilter
SetLastError
OpenFileMappingA
LocalAlloc
LoadResource
LeaveCriticalSection
HeapAlloc
GetTimeFormatA
GetSystemDirectoryA
GetStartupInfoA
GetOEMCP
CompareStringA

Sections

.text
Size: 32KB - Virtual size: 32KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 487KB - Virtual size: 1.1MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 31KB - Virtual size: 30KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

3cf31b27b0cc22afc6b823c48947f8b3

Headers

File Characteristics

Imports

crtdll

version

rpcrt4

ntdll

kernel32

Sections

.text Size: 32KB - Virtual size: 32KB

.data Size: 487KB - Virtual size: 1.1MB

.rsrc Size: 31KB - Virtual size: 30KB

.text
Size: 32KB - Virtual size: 32KB

.data
Size: 487KB - Virtual size: 1.1MB

.rsrc
Size: 31KB - Virtual size: 30KB