b4c2a8b6b0e1e21e408e6eabc3a899bd_JaffaCakes118

General

Target

b4c2a8b6b0e1e21e408e6eabc3a899bd_JaffaCakes118
Size

550KB
MD5

b4c2a8b6b0e1e21e408e6eabc3a899bd
SHA1

42766a247ac5327a9454130ec0a7473c9fe47f53
SHA256

5c899a3936a78e1f477337bf044942bfc441c7eb1e1fa6a6aad05606328fb725
SHA512

fbca4ee0e8a60502b42b2c474d6dcd6060e7f8e5fe0c37d1f9ffd51336b0562c97abb489e80a4a905ee1c1d5e66853aabf073c5bff0e21e74b9474858619aa24
SSDEEP

12288:srztkhD/RKTwESo4YaSjvRUA/+qlqkUkgyTVQvI7C0j6iOCoWwFka:sPtkdRq7SbJZkgy5vCrooWgk

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
b4c2a8b6b0e1e21e408e6eabc3a899bd_JaffaCakes118

Files

b4c2a8b6b0e1e21e408e6eabc3a899bd_JaffaCakes118
.exe windows:4 windows x86 arch:x86

3cf31b27b0cc22afc6b823c48947f8b3

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

crtdll

wcstombs
longjmp
isalnum
_umask
_loaddll
_itoa
_getw
_finite
_exit
_chmod
_CItanh

version

GetFileVersionInfoSizeA
GetFileVersionInfoA
VerQueryValueA

rpcrt4

tree_peek_ndr
long_from_ndr_temp
double_array_from_ndr
RpcSsAllocate
RpcServerUseProtseqExA
RpcServerUseAllProtseqs
RpcMgmtIsServerListening
RpcMgmtEnableIdleCleanup
RpcCancelThread
RpcBindingInqAuthClientExA
MesEncodeIncrementalHandleCreate
MIDL_wchar_strlen
CStdStubBuffer_CountRefs

ntdll

RtlCreateTagHeap
RtlCreateUnicodeString
RtlEqualSid
RtlCharToInteger
RtlFreeUnicodeString
RtlLeaveCriticalSection
RtlLockHeap
RtlNtStatusToDosError
RtlQueryRegistryValues
RtlUnwind
_wcsicmp
memmove
strstr
wcscat
NtUnmapViewOfSection
NtTerminateThread
NtSetValueKey
NtQueryValueKey
NtQueryInstallUILanguage
NtQueryInformationProcess
NtQueryDefaultLocale
NtOpenThreadToken
NtOpenSymbolicLinkObject
NtNotifyChangeKey
NtCreateSemaphore
NtClose
RtlExpandEnvironmentStrings_U

kernel32

EnterCriticalSection
EnumResourceLanguagesW
EnumResourceNamesA
ExitProcess
ExitThread
FlushFileBuffers
GetACP
GetCommandLineA
GetLastError
GetLocalTime
GetModuleHandleA
lstrlenA
lstrcpynA
lstrcmpA
lstrcatA
VirtualFree
VirtualAlloc
TlsAlloc
SetUnhandledExceptionFilter
SetLastError
OpenFileMappingA
LocalAlloc
LoadResource
LeaveCriticalSection
HeapAlloc
GetTimeFormatA
GetSystemDirectoryA
GetStartupInfoA
GetOEMCP
CompareStringA

Sections

.text
Size: 31KB - Virtual size: 30KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 487KB - Virtual size: 1.1MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 31KB - Virtual size: 30KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

3cf31b27b0cc22afc6b823c48947f8b3

Headers

File Characteristics

Imports

crtdll

version

rpcrt4

ntdll

kernel32

Sections

.text Size: 31KB - Virtual size: 30KB

.data Size: 487KB - Virtual size: 1.1MB

.rsrc Size: 31KB - Virtual size: 30KB

.text
Size: 31KB - Virtual size: 30KB

.data
Size: 487KB - Virtual size: 1.1MB

.rsrc
Size: 31KB - Virtual size: 30KB