c7809f1eafcc50f74a7db7ce6c297779_JaffaCakes118

General

Target

c7809f1eafcc50f74a7db7ce6c297779_JaffaCakes118
Size

42KB
MD5

c7809f1eafcc50f74a7db7ce6c297779
SHA1

7787462108cc7f8a51c01a94b2a4700e0aa5d340
SHA256

667bb8f8ee1c54cf41ece311450b3a823140fccd4779450964025908c18fb085
SHA512

c263a155d125488fb0ad723676f74adf4af810f96636414ab295dd85348d84beca46ed7c30a361d604f1d590e11ae291bcb19b3882e4dccb5f3dfd8f03c5a1d8
SSDEEP

768:vBDtu7rNOjazew2rAXQBveqw7vR0zdT0R676KOPSfb6MSf5C+OUC0IQ3ymYCjrn8:xtdEAlo0zMKMjRiUiQACnx

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
c7809f1eafcc50f74a7db7ce6c297779_JaffaCakes118

Files

c7809f1eafcc50f74a7db7ce6c297779_JaffaCakes118
.exe windows:4 windows x86 arch:x86

4a7a8b2f57886983475f994da1ee1a2b

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

CreateTapePartition
EndUpdateResourceA
ExitProcess
FreeLibrary
GetComputerNameA
GetDiskFreeSpaceExA
GetProfileIntW
GetTempFileNameW
GetTimeFormatW
GlobalFindAtomW
GlobalUnfix
InterlockedCompareExchange
IsBadCodePtr
LoadLibraryW
LocalHandle
PostQueuedCompletionStatus
ReadConsoleOutputW
RtlMoveMemory
TlsSetValue
WriteFileEx
_hwrite

advapi32

AccessCheckAndAuditAlarmA
AddAce
AllocateAndInitializeSid
ConvertAccessToSecurityDescriptorA
CryptAcquireContextA
CryptSetProviderW
CryptSignHashW
GetAccessPermissionsForObjectA
GetEffectiveRightsFromAclA
GetEffectiveRightsFromAclW
GetMultipleTrusteeW
GetServiceDisplayNameA
GetServiceDisplayNameW
ImpersonateLoggedOnUser
LookupPrivilegeNameA
OpenServiceW
RegQueryMultipleValuesW
RegSetValueExA
RegisterServiceCtrlHandlerA
SetEntriesInAclW
SetFileSecurityW
StartServiceA
StartServiceW

user32

AdjustWindowRectEx
CallWindowProcA
CascadeWindows
CharToOemBuffA
CreatePopupMenu
DdeClientTransaction
DefFrameProcA
EditWndProc
FindWindowExW
GetCapture
GetInputDesktop
IMPSetIMEW
InSendMessageEx
IsIconic
KillTimer
LoadImageA
LookupIconIdFromDirectoryEx
MsgWaitForMultipleObjects
RegisterClassExW
RegisterClassW
RegisterHotKey
ReleaseCapture
ScrollWindow
SetTimer
TranslateAcceleratorA
TranslateMDISysAccel
VkKeyScanA
WINNLSEnableIME
WinHelpW

Sections

.text
Size: 512B - Virtual size: 8KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 40KB - Virtual size: 44KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

4a7a8b2f57886983475f994da1ee1a2b

Headers

File Characteristics

Imports

kernel32

advapi32

user32

Sections

.text Size: 512B - Virtual size: 8KB

.data Size: 40KB - Virtual size: 44KB

.idata Size: - Virtual size: 12KB

.rsrc Size: - Virtual size: 8KB

.text
Size: 512B - Virtual size: 8KB

.data
Size: 40KB - Virtual size: 44KB

.idata
Size: - Virtual size: 12KB

.rsrc
Size: - Virtual size: 8KB