c249215bdc84928a23023d3619cf29c2_JaffaCakes118

General

Target

c249215bdc84928a23023d3619cf29c2_JaffaCakes118
Size

1.2MB
MD5

c249215bdc84928a23023d3619cf29c2
SHA1

3310c24ebd2d652cab5c344f300e3353fc3cdf3d
SHA256

1a2f9e8a4b644e84ef956e91ec949b32c40fb209424963f46f57901d032b0fd4
SHA512

5a0b27ddbcb1207e2d745429780e3c8190fb637f4ebc3d5d889d55f05fbac8831612c2ec6859b61acb29efb15e8b13f16d496161d8c3c835b4b4c85c7e484766
SSDEEP

24576:EgjMmijrsEoJh7exnneXRonG3lZJOXw70LzDBLggYD:1jJi/i7+32YXwbD

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
c249215bdc84928a23023d3619cf29c2_JaffaCakes118

Files

c249215bdc84928a23023d3619cf29c2_JaffaCakes118
.exe windows:5 windows x86 arch:x86

f0974559784b1051c9b25a122e006f09

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

user32

FindWindowW
EqualRect
MapWindowPoints
SetCursorPos
MessageBoxW
SetMenuDefaultItem
MsgWaitForMultipleObjects
CharUpperW

kernel32

WriteConsoleW
SetFilePointerEx
SetStdHandle
GetConsoleMode
GetConsoleCP
FlushFileBuffers
RtlUnwind
GetProcAddress
GlobalAlloc
GlobalLock
GlobalFree
LocalFree
VirtualAlloc
HeapAlloc
HeapFree
ExitProcess
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetCurrentThreadId
GetLastError
InitializeCriticalSection
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSectionAndSpinCount
WaitForSingleObject
GetFileType
SetEndOfFile
SetFilePointer
CloseHandle
FormatMessageW
TlsAlloc
CreateMutexW
CreateFileMappingW
GetModuleHandleW
GetStartupInfoW
GetCommandLineW
ExpandEnvironmentStringsW
FindResourceExW
CreateDirectoryW
GetFileAttributesW
FindFirstFileW
GetVersionExW
IsValidCodePage
GetACP
GetCPInfo
MultiByteToWideChar
WideCharToMultiByte
GetStringTypeW
CreateFileW
SetLastError
EncodePointer
DecodePointer
GetModuleHandleExW
GetProcessHeap
GetStdHandle
DeleteCriticalSection
GetModuleFileNameW
WriteFile
QueryPerformanceCounter
GetCurrentProcessId
GetSystemTimeAsFileTime
UnhandledExceptionFilter
SetUnhandledExceptionFilter
Sleep
GetCurrentProcess
TerminateProcess
TlsGetValue
TlsSetValue
TlsFree
GetOEMCP
IsDebuggerPresent
IsProcessorFeaturePresent
LoadLibraryExW
OutputDebugStringW
HeapReAlloc
HeapSize
LCMapStringW

Sections

.text
Size: 85KB - Virtual size: 84KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 751KB - Virtual size: 751KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 13KB - Virtual size: 6.6MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 362KB - Virtual size: 361KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

f0974559784b1051c9b25a122e006f09

Headers

File Characteristics

Imports

user32

kernel32

Sections

.text Size: 85KB - Virtual size: 84KB

.rdata Size: 751KB - Virtual size: 751KB

.data Size: 13KB - Virtual size: 6.6MB

.rsrc Size: 362KB - Virtual size: 361KB

.text
Size: 85KB - Virtual size: 84KB

.rdata
Size: 751KB - Virtual size: 751KB

.data
Size: 13KB - Virtual size: 6.6MB

.rsrc
Size: 362KB - Virtual size: 361KB