b3a7a17180e5fe8bf29aaa7d1e301df1_JaffaCakes118

General

Target

b3a7a17180e5fe8bf29aaa7d1e301df1_JaffaCakes118
Size

220KB
MD5

b3a7a17180e5fe8bf29aaa7d1e301df1
SHA1

336af573a793ec00a9079cb4e417d2adcb392606
SHA256

3bd01216250bf25d5e050fee8002f139fe131251d703fb620e53d3d9413280ca
SHA512

46fedb174ae8737437aa6e64c62b73bf0c0636f46580e6bf152210d0a6d7f438fe5e519801c45f8fde1250629c76bc620de00af2c7f54157eda1c3a785c48058
SSDEEP

3072:jGxBzAClvFPEBI5W+kKayFHHyhy+7JT+t4vY55nOQx5jCdlZ0d1Ek366PDuj9chY:av91nIGHHUly6Kk7/0d1Ek36sKpnSS

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
b3a7a17180e5fe8bf29aaa7d1e301df1_JaffaCakes118

Files

b3a7a17180e5fe8bf29aaa7d1e301df1_JaffaCakes118
.exe windows:4 windows x86 arch:x86

84798e7fa908855d41d99d7d12663db6

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

VirtualProtect
VirtualLock
VirtualFree
GetLastError
CreateEventA
VirtualUnlock
Sleep
VirtualAlloc
GetEnvironmentStrings
ResetEvent
GlobalLock
OpenMutexA
FindFirstFileA
GetExitCodeProcess
LoadLibraryA
GetCurrentProcessId
GetProcAddress
SetEvent
GetModuleHandleA
HeapReAlloc
ExitProcess
WaitForMultipleObjects
VirtualAllocEx
GetLocaleInfoA
GetStringTypeW
GetStringTypeA
LCMapStringW
MultiByteToWideChar
LCMapStringA
GetSystemTimeAsFileTime
GetCurrentThreadId
GetTickCount
QueryPerformanceCounter
HeapSize
VirtualQuery
InterlockedExchange
RtlUnwind
HeapAlloc
GetCPInfo
GetOEMCP
GetACP
GetSystemInfo
HeapFree
HeapCreate
HeapDestroy
GetFileType
SetHandleCount
GetStartupInfoA
GetCommandLineA
GetVersionExA
TerminateProcess
GetCurrentProcess
WriteFile
GetStdHandle
GetModuleFileNameA
UnhandledExceptionFilter
FreeEnvironmentStringsA
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStringsW

user32

GetTopWindow
GetSysColorBrush
LoadCursorA
GetDesktopWindow
GetDC
SetTimer
ReleaseDC
CreateIcon
IsIconic
SetCursorPos
GetWindowRect
SetCursor
GetLastActivePopup
SendMessageA
DestroyWindow
LoadStringA
GetCursorPos

shell32

ord256

psapi

EnumProcessModules
EmptyWorkingSet
GetWsChanges
GetProcessMemoryInfo

Sections

.text
Size: 20KB - Virtual size: 16KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 8KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 32KB - Virtual size: 32KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 156KB - Virtual size: 153KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

84798e7fa908855d41d99d7d12663db6

Headers

File Characteristics

Imports

kernel32

user32

shell32

psapi

Sections

.text Size: 20KB - Virtual size: 16KB

.rdata Size: 8KB - Virtual size: 5KB

.data Size: 32KB - Virtual size: 32KB

.rsrc Size: 156KB - Virtual size: 153KB

.text
Size: 20KB - Virtual size: 16KB

.rdata
Size: 8KB - Virtual size: 5KB

.data
Size: 32KB - Virtual size: 32KB

.rsrc
Size: 156KB - Virtual size: 153KB