d0dd817dbfecbd6295832f5981895f4c_JaffaCakes118

General

Target

d0dd817dbfecbd6295832f5981895f4c_JaffaCakes118
Size

182KB
MD5

d0dd817dbfecbd6295832f5981895f4c
SHA1

5bdc806036fec2b8e732461a1deda93ee68f5762
SHA256

69f385f0371e32f0d91cef1e9b55a78056ee160067bf1afc06c07e4a40387121
SHA512

5f4eca3284b40ee234661c47fec071ef64256b0e5bd6f1105bf4ae140c6d426cd69b199c676aded443af443436a579358691dfe30e28fab3c0bc17918bf65a56
SSDEEP

3072:4A+XMJP1lOzfa6HTJm2TAy2BQOezk3zQj0viAAl7yjXC6kwDh6uFMRgW+:6XMMzDt3TApBQOezk38j0ol7Puab+

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
d0dd817dbfecbd6295832f5981895f4c_JaffaCakes118

Files

d0dd817dbfecbd6295832f5981895f4c_JaffaCakes118
.exe windows:4 windows x86 arch:x86

02bc8865fe6299a369fd0df7ba5f334d

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

PDB Paths

e:\Download\peldr4\peldr9\Release\peldr9.pdb

Imports

shlwapi

StrStrA

kernel32

GetStartupInfoA
VirtualProtect
CreateFileA
ReadFile
SetFilePointer
WriteFile
CloseHandle
GetFileSize
GlobalAlloc
GetCurrentProcessId
ExitProcess
CreateFileW
GetModuleHandleA
Sleep
VirtualAlloc
GetTickCount
GetProcAddress
LoadLibraryA
GetTempPathA
GlobalAddAtomA
CreateProcessA
CopyFileA
lstrcatA
DeleteFileA
GetModuleFileNameA
GetLastError
lstrcpyA
GetModuleFileNameW
GetSystemTime
GetCommandLineA
GetLocaleInfoA
GetStringTypeW
GetStringTypeA
LCMapStringW
MultiByteToWideChar
LCMapStringA
GetSystemInfo
GetVersionExA
QueryPerformanceCounter
GetCurrentThreadId
GetSystemTimeAsFileTime
HeapAlloc
TerminateProcess
GetCurrentProcess
GetStdHandle
UnhandledExceptionFilter
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStringsW
SetHandleCount
GetFileType
HeapDestroy
HeapCreate
VirtualFree
HeapFree
RtlUnwind
InterlockedExchange
VirtualQuery
HeapReAlloc
GetACP
GetOEMCP
GetCPInfo
HeapSize

user32

GetActiveWindow
GetSystemMetrics
GetWindowLongA
GetDesktopWindow

Sections

.text
Size: 20KB - Virtual size: 19KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 8KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 47KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 696B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

02bc8865fe6299a369fd0df7ba5f334d

Headers

File Characteristics

PDB Paths

Imports

shlwapi

kernel32

user32

Sections

.text Size: 20KB - Virtual size: 19KB

.rdata Size: 8KB - Virtual size: 5KB

.data Size: 4KB - Virtual size: 47KB

.rsrc Size: 4KB - Virtual size: 696B

.text
Size: 20KB - Virtual size: 19KB

.rdata
Size: 8KB - Virtual size: 5KB

.data
Size: 4KB - Virtual size: 47KB

.rsrc
Size: 4KB - Virtual size: 696B