b362a5227fd471fa47cb336207203c56_JaffaCakes118

General

Target

b362a5227fd471fa47cb336207203c56_JaffaCakes118
Size

80KB
MD5

b362a5227fd471fa47cb336207203c56
SHA1

696911b25d1b2ab917259780c48864fd6dad40a3
SHA256

5e8f94db1d86fc446e2ae6642e7770e52ce5a78bb0af609aa0d199fd5de19284
SHA512

47cf935872897831a18a82abe3f5e28ee41c3f2af341c5e1989236fd9fb2d5661c0117fd3b979dd719afe8493b8b066cf6eab90bb3c600eb8f2ec3a9395c3003
SSDEEP

1536:qNZKQP2X2NPe4154yEW9uv2Kzbv7UGMNPXhezXRAUGvTxuwFtup:YZNoyEWEe7GOhAXRAUGvF/Ftup

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
b362a5227fd471fa47cb336207203c56_JaffaCakes118

Files

b362a5227fd471fa47cb336207203c56_JaffaCakes118
.exe windows:4 windows x86 arch:x86

3a8b4dbb748484589c3a9c7c1cdeb232

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

FreeLibrary
LoadLibraryA
GetCurrentProcess
GetProcAddress
GetFileAttributesA
GetModuleHandleA
ExitProcess
HeapAlloc
GetCommandLineA
HeapFree
GetVersionExA
GetProcessHeap
EnterCriticalSection
LeaveCriticalSection
TerminateProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
InterlockedIncrement
SetLastError
GetCurrentThreadId
GetLastError
InterlockedDecrement
WriteFile
GetStdHandle
GetModuleFileNameA
DeleteCriticalSection
InitializeCriticalSection
VirtualFree
VirtualAlloc
HeapReAlloc
HeapDestroy
HeapCreate
CloseHandle
SetHandleCount
GetFileType
GetStartupInfoA
RtlUnwind
MultiByteToWideChar
ReadFile
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStringsW
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime
Sleep
GetCPInfo
GetACP
GetOEMCP
SetFilePointer
GetConsoleCP
GetConsoleMode
HeapSize
GetLocaleInfoA
SetStdHandle
FlushFileBuffers
CreateFileA
LCMapStringA
LCMapStringW
GetStringTypeA
GetStringTypeW
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
SetEndOfFile

advapi32

RegOpenKeyExA
RegQueryValueExA
RegCloseKey
OpenProcessToken

userenv

ExpandEnvironmentStringsForUserA

Sections

.text
Size: 52KB - Virtual size: 49KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 12KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 26KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 176B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

3a8b4dbb748484589c3a9c7c1cdeb232

Headers

File Characteristics

Imports

kernel32

advapi32

userenv

Sections

.text Size: 52KB - Virtual size: 49KB

.rdata Size: 12KB - Virtual size: 11KB

.data Size: 8KB - Virtual size: 26KB

.rsrc Size: 4KB - Virtual size: 176B

.text
Size: 52KB - Virtual size: 49KB

.rdata
Size: 12KB - Virtual size: 11KB

.data
Size: 8KB - Virtual size: 26KB

.rsrc
Size: 4KB - Virtual size: 176B