b79e067c30f4e4d795df3a9cd5f4c06d_JaffaCakes118

General

Target

b79e067c30f4e4d795df3a9cd5f4c06d_JaffaCakes118
Size

462KB
MD5

b79e067c30f4e4d795df3a9cd5f4c06d
SHA1

d9f5a2e9ac5611588b80acc5bbaa3f5db2f21582
SHA256

046153a80dc04b1fda2b91ee87c956e5d547f689c8787431a6500132d687793d
SHA512

87b1d5ad6904893fe28f25bebf4471c6f17be4870800d781fc8e86ca1534514679254c56d89f5bc5d15e4658805f6b6fd3fc63be30cd863de2216fff4940b783
SSDEEP

12288:joo4sZIaa7+b2XOiOvAZsGz7JP0Rv1NWyq6IDmkKZeF:jVaaa7zX/OEsiJP0V14yq6IDmkKZeF

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
b79e067c30f4e4d795df3a9cd5f4c06d_JaffaCakes118

Files

b79e067c30f4e4d795df3a9cd5f4c06d_JaffaCakes118
.exe windows:4 windows x86 arch:x86

383900298b21b29d9819d71493f867df

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

advapi32

RegRestoreKeyW
RegQueryValueW
ReportEventA
InitiateSystemShutdownA
CryptGenRandom
RevertToSelf
RegOpenKeyA

comdlg32

PrintDlgW

kernel32

SetLastError
DeleteCriticalSection
InitializeCriticalSection
WriteFile
FreeEnvironmentStringsW
GetDateFormatA
HeapReAlloc
VirtualAlloc
GetTickCount
HeapAlloc
GetCurrentProcessId
TlsSetValue
GetStringTypeA
GetCurrentProcess
GetLocaleInfoA
EnterCriticalSection
GetEnvironmentStringsW
GetStartupInfoA
HeapFree
VirtualProtect
OpenEventA
GetLocaleInfoW
TerminateProcess
GetStdHandle
RtlUnwind
ExitProcess
LCMapStringW
TlsFree
LoadLibraryA
GetFileType
CompareStringA
LeaveCriticalSection
EnumSystemLocalesA
FreeEnvironmentStringsA
GetCurrentThread
WriteConsoleInputW
LCMapStringA
GetSystemInfo
SetHandleCount
GetACP
GetModuleHandleA
MultiByteToWideChar
IsValidLocale
GetCPInfo
SetEnvironmentVariableA
GetSystemTimeAsFileTime
GetVersionExA
lstrcatW
GetEnvironmentStrings
HeapSize
GetModuleFileNameA
GetTimeFormatA
GetCurrentThreadId
VirtualQuery
GetCommandLineA
IsBadWritePtr
GetLastError
lstrcmpA
GetTimeZoneInformation
IsValidCodePage
CompareStringW
GetProcAddress
TlsGetValue
InterlockedExchange
HeapDestroy
TlsAlloc
HeapCreate
QueryPerformanceCounter
UnhandledExceptionFilter
GetOEMCP
GetUserDefaultLCID
GetStringTypeW
VirtualFree
WideCharToMultiByte

Sections

.text
Size: 163KB - Virtual size: 163KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 7KB - Virtual size: 24KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 279KB - Virtual size: 279KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 11KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

383900298b21b29d9819d71493f867df

Headers

File Characteristics

Imports

advapi32

comdlg32

kernel32

Sections

.text Size: 163KB - Virtual size: 163KB

.rdata Size: 7KB - Virtual size: 24KB

.data Size: 279KB - Virtual size: 279KB

.rsrc Size: 11KB - Virtual size: 11KB

.text
Size: 163KB - Virtual size: 163KB

.rdata
Size: 7KB - Virtual size: 24KB

.data
Size: 279KB - Virtual size: 279KB

.rsrc
Size: 11KB - Virtual size: 11KB