cfa8b35028e9d780d186396ca7bdb466_JaffaCakes118

General

Target

cfa8b35028e9d780d186396ca7bdb466_JaffaCakes118
Size

168KB
MD5

cfa8b35028e9d780d186396ca7bdb466
SHA1

35ed4d18fe10ea8286b19dd72ed6b11ca20bd5fa
SHA256

faa1209ad5bec363e27e771987822d6ec3bed27d41d3a811c6fae16740b32b96
SHA512

e26adfb7cd2e256e288d15f1920c63b87d803279043ac0caa9c5ebcf314754d26f1b9d86b94917378f1caf50bcb0f83de1e33b05a3915dd4185bbbcd93290c9b
SSDEEP

3072:B6q4+t1/USGsd+1lNOEyJj59bOcPnHSDVd+8kmhQhHlm0jOHh:B6q4+t1/Udw+1fB25NnnHSL+YuhHlmqO

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
cfa8b35028e9d780d186396ca7bdb466_JaffaCakes118

Files

cfa8b35028e9d780d186396ca7bdb466_JaffaCakes118
.exe windows:4 windows x86 arch:x86

cd7f20e2b2bf9abed104af1f576b983d

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetModuleHandleA
GetCurrentProcess
GetProcAddress
LoadLibraryA
lstrcpyA
GetLastError
GetModuleFileNameA
WinExec
CopyFileA
MoveFileA
GetLocalTime
GetFileAttributesA
HeapFree
HeapAlloc
GetProcessHeap
ReadFile
SetFilePointer
CreateFileA
GetPrivateProfileStringA
WritePrivateProfileStringA
CreateDirectoryA
ExitProcess
Sleep
CreateThread
FreeResource
CloseHandle
lstrlenA
GetTickCount
WriteFile
SizeofResource
LoadResource
FindResourceA
WideCharToMultiByte
MultiByteToWideChar
GetStartupInfoA
RaiseException
InterlockedExchange
LocalAlloc
FreeLibrary

ntdll

RtlUnwind
strcpy
strncat
strcat
strchr
strlen
memcpy
memset
_strnicmp
_chkstk

netapi32

NetUserGetLocalGroups
NetApiBufferFree

msvcrt

_strrev
_controlfp
__set_app_type
__p__fmode
exit
__CxxFrameHandler
??3@YAXPAX@Z
??2@YAPAXI@Z
rand
realloc
malloc
??1type_info@@UAE@XZ
_exit
_XcptFilter
_acmdln
__getmainargs
_initterm
__setusermatherr
_adjust_fdiv
__p__commode

Sections

Helples
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.text
Size: 7KB - Virtual size: 7KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 145KB - Virtual size: 144KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

cd7f20e2b2bf9abed104af1f576b983d

Headers

File Characteristics

Imports

kernel32

ntdll

netapi32

msvcrt

Sections

Helples Size: 8KB - Virtual size: 7KB

.text Size: 7KB - Virtual size: 7KB

.rdata Size: 3KB - Virtual size: 3KB

.data Size: 3KB - Virtual size: 3KB

.rsrc Size: 145KB - Virtual size: 144KB

Helples
Size: 8KB - Virtual size: 7KB

.text
Size: 7KB - Virtual size: 7KB

.rdata
Size: 3KB - Virtual size: 3KB

.data
Size: 3KB - Virtual size: 3KB

.rsrc
Size: 145KB - Virtual size: 144KB