d1c0b0cb8a238be5950fc702482406cd_JaffaCakes118

General

Target

d1c0b0cb8a238be5950fc702482406cd_JaffaCakes118
Size

3.9MB
MD5

d1c0b0cb8a238be5950fc702482406cd
SHA1

2b8d27479eb9fcdc9ec9a10b837911bbf2593c43
SHA256

c826d44109577d5d85074dd5cc6ab81cf20b3274d9320fb79d7bdf97872ab9fb
SHA512

b82c537a2a98b5c62ebdefd86d2771f6d91380ec3102be5df9653205a31113646b6bc03604daf3909c22401f8f078bbce2a2b914973d632fc7d95649fd333d94
SSDEEP

98304:KnJBX5+Ef8k19PpGMPUQHsu/fBnfvLfdAMOc22yK:KQqGQF/fF3Lll

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
d1c0b0cb8a238be5950fc702482406cd_JaffaCakes118

Files

d1c0b0cb8a238be5950fc702482406cd_JaffaCakes118
.exe windows:4 windows x86 arch:x86

bddec5d949d0a3203c46df2322ae55d9

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

PDB Paths

C:\Ahe\uqoxumy\Utenuq\Yrudin.pdb

Imports

kernel32

MoveFileExA
GetCurrentProcessId
GetFileTime
GetDiskFreeSpaceA
GetTimeFormatA
FindClose
FindNextFileA
FindFirstFileA
TlsGetValue
TlsAlloc
SetTapePosition
VirtualProtect
CloseHandle
CreateToolhelp32Snapshot
Module32First
GetModuleHandleA
GetStartupInfoA
GetCommandLineA
GetVersionExA
HeapFree
GetLastError
ReadFile
ExitProcess
GetProcAddress
TerminateProcess
GetCurrentProcess
SetFilePointer
WideCharToMultiByte
GetTimeZoneInformation
WriteFile
GetStdHandle
GetModuleFileNameA
UnhandledExceptionFilter
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
SetHandleCount
GetFileType
HeapDestroy
HeapCreate
VirtualFree
GetStringTypeA
MultiByteToWideChar
GetStringTypeW
GetACP
GetOEMCP
GetCPInfo
HeapAlloc
VirtualAlloc
HeapReAlloc
IsBadWritePtr
SetStdHandle
FlushFileBuffers
CreateFileA
LoadLibraryA
RtlUnwind
InterlockedExchange
VirtualQuery
GetLocaleInfoA
GetSystemInfo
LCMapStringA
LCMapStringW
HeapSize
SetEndOfFile
QueryPerformanceCounter
GetTickCount
GetCurrentThreadId
GetSystemTimeAsFileTime
CompareStringA
CompareStringW
SetEnvironmentVariableA

Sections

.text
Size: 568KB - Virtual size: 567KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 348KB - Virtual size: 1.1MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 4KB - Virtual size: 56B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 12KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

bddec5d949d0a3203c46df2322ae55d9

Headers

File Characteristics

PDB Paths

Imports

kernel32

Sections

.text Size: 568KB - Virtual size: 567KB

.data Size: 348KB - Virtual size: 1.1MB

.tls Size: 4KB - Virtual size: 56B

.rsrc Size: 12KB - Virtual size: 11KB

.text
Size: 568KB - Virtual size: 567KB

.data
Size: 348KB - Virtual size: 1.1MB

.tls
Size: 4KB - Virtual size: 56B

.rsrc
Size: 12KB - Virtual size: 11KB