be60da5a6848b2b03553ad025b9d2efa_JaffaCakes118

General

Target

be60da5a6848b2b03553ad025b9d2efa_JaffaCakes118
Size

65KB
MD5

be60da5a6848b2b03553ad025b9d2efa
SHA1

8ca458cb8257ca44a8d3b34e317642efc2db259b
SHA256

a600279a14988357ecbd82d52a8e2f7bf0139297642516251823f4a9f2eafc0a
SHA512

05da811450bbc829798c489c0a40ecea780460d445d9b7a581c3e105356148eb76e0181a6acbff7ebaf4ee9fb16a5a110be7ad7504409dc67d80cda02870811a
SSDEEP

768:jXDziw5QhgA8YOT3q7lCIWduymhNLyiVPBT9719P3dxEDMAnJNa75Na7:jXshgVYOm7lCNdCNL9VPBFP6Qg

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
be60da5a6848b2b03553ad025b9d2efa_JaffaCakes118

Files

be60da5a6848b2b03553ad025b9d2efa_JaffaCakes118
.exe windows:5 windows x86 arch:x86

f29021accbf653862cc6d6119d4daedb

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_BIND
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

C:\My Files\Coding\RunPE\Release\RunPE.pdb

Imports

kernel32

GetThreadContext
SetThreadContext
OpenProcess
Sleep
CreateProcessA
GetProcAddress
VirtualAllocEx
GetProcessId
GetModuleFileNameA
GetModuleHandleA
WriteProcessMemory
ResumeThread
GetLastError
HeapFree
HeapAlloc
EnterCriticalSection
LeaveCriticalSection
GetCommandLineA
HeapSetInformation
HeapCreate
GetModuleHandleW
ExitProcess
DecodePointer
WriteFile
GetStdHandle
GetModuleFileNameW
EncodePointer
SetHandleCount
InitializeCriticalSectionAndSpinCount
GetFileType
GetStartupInfoW
DeleteCriticalSection
WideCharToMultiByte
GetConsoleCP
GetConsoleMode
FlushFileBuffers
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
TerminateProcess
GetCurrentProcess
RtlUnwind
MultiByteToWideChar
ReadFile
SetFilePointer
CloseHandle
FreeEnvironmentStringsW
GetEnvironmentStringsW
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
InterlockedIncrement
SetLastError
GetCurrentThreadId
InterlockedDecrement
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime
LoadLibraryW
HeapReAlloc
WriteConsoleW
SetStdHandle
CreateFileA
IsProcessorFeaturePresent
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
HeapSize
CreateFileW
GetStringTypeW
SetEndOfFile
GetProcessHeap
LCMapStringW

Sections

.text
Size: 33KB - Virtual size: 33KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 20KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 436B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

f29021accbf653862cc6d6119d4daedb

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

Sections

.text Size: 33KB - Virtual size: 33KB

.data Size: 20KB - Virtual size: 20KB

.rsrc Size: 512B - Virtual size: 436B

.text
Size: 33KB - Virtual size: 33KB

.data
Size: 20KB - Virtual size: 20KB

.rsrc
Size: 512B - Virtual size: 436B