d099283d60a16ad4c7812d58593954cf_JaffaCakes118

General

Target

d099283d60a16ad4c7812d58593954cf_JaffaCakes118
Size

152KB
MD5

d099283d60a16ad4c7812d58593954cf
SHA1

647f92e6036631dffae3f4fe45ddba5a4f22450b
SHA256

8d81e6c9a947c564684c8fd2d4680d22d4a7b57deada3430e7f1c443fad439ef
SHA512

0a6d7341a5bd91ebd5bca4f732c809a5ee55c6ed9bfafbe38ced06552df65410d3529773eb65a797d3c07aa6aa969ab6c8e6b273d7d5132732d888a092923010
SSDEEP

1536:SpBTEB4oTLQRjAu22nukZxIOnjPyQSBx0xM89+l1FV4/C61bAYkEVMeOUK8pVCux:O24oTERh2+TZqOjaPBxyrgnVmhbvTqG

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
d099283d60a16ad4c7812d58593954cf_JaffaCakes118

Files

d099283d60a16ad4c7812d58593954cf_JaffaCakes118
.dll windows:4 windows x86 arch:x86

dea2756ed6f928678836e5fb18e3b04d

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

SetUnhandledExceptionFilter
GetFileAttributesW
FindFirstFileW
SetErrorMode
FindClose
LoadLibraryW
GetSystemDirectoryW
ExpandEnvironmentStringsW
GetFullPathNameW
GetFileAttributesExW
GetProcAddress
GetVersionExW
lstrlenW
GetEnvironmentVariableW
GetSystemTime
UnhandledExceptionFilter
GetWindowsDirectoryW
OutputDebugStringA
Sleep
FreeLibrary
GetModuleFileNameW
InterlockedIncrement
lstrcmpW
ExitProcess
CreateThread
WaitForMultipleObjects
TerminateThread
WaitForSingleObject
GetExitCodeThread
SetEvent
TerminateProcess
GetDiskFreeSpaceW
GetDriveTypeW
GetCurrentProcess
CloseHandle
InterlockedExchange
MapViewOfFile
VirtualProtect
MoveFileExW
GetCommandLineA

advapi32

AdjustTokenPrivileges
CloseServiceHandle
RegDeleteKeyW
RegOpenKeyW
StartServiceCtrlDispatcherW
RegOpenKeyExW
SetServiceStatus
RegCloseKey
RegQueryValueExW

ole32

CoUninitialize
CoGetMalloc
CoInitializeEx
CoInitializeSecurity
CoCreateInstance

msvcrt

wcsspn
_adjust_fdiv
_initterm
exit
memset
malloc
free
_except_handler3
wcscmp
wcspbrk
iswctype
wcsrchr
wcschr
wcslen
_wcsnicmp
memmove
_wcsicmp
_vsnwprintf

Sections

.text
Size: 124KB - Virtual size: 123KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 36KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 8KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 8KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

dea2756ed6f928678836e5fb18e3b04d

Headers

File Characteristics

Imports

kernel32

advapi32

ole32

msvcrt

Sections

.text Size: 124KB - Virtual size: 123KB

.rdata Size: 4KB - Virtual size: 1KB

.data Size: 4KB - Virtual size: 36KB

.rsrc Size: 8KB - Virtual size: 4KB

.reloc Size: 8KB - Virtual size: 4KB

.text
Size: 124KB - Virtual size: 123KB

.rdata
Size: 4KB - Virtual size: 1KB

.data
Size: 4KB - Virtual size: 36KB

.rsrc
Size: 8KB - Virtual size: 4KB

.reloc
Size: 8KB - Virtual size: 4KB