d20d75ed58f0981c0d5caa0e9fb7b70a_JaffaCakes118

General

Target

d20d75ed58f0981c0d5caa0e9fb7b70a_JaffaCakes118
Size

128KB
MD5

d20d75ed58f0981c0d5caa0e9fb7b70a
SHA1

ae215896d6b1692954a8329ad508f6538c619395
SHA256

41a748b3ed9b45832b91fb8c3300626a687663e7e4e070a8dffbe0938590c207
SHA512

0c7a6113be38b2f76488b8812eaa89be36bfc4dadeff4bfa5aa332d309f2e9ec97dcad50e69fddcb53bad58d254c744a4d093fc8bd602a0b5e8f4a00d62168c5
SSDEEP

3072:gMhX8NJTJdzM0NuYL6NrOsCzRIqD3CASg3uQBD4:zX8NFfzM0Nj6S5aqzRSgbE

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
d20d75ed58f0981c0d5caa0e9fb7b70a_JaffaCakes118

Files

d20d75ed58f0981c0d5caa0e9fb7b70a_JaffaCakes118
.exe windows:4 windows x86 arch:x86

a1337f58b90439ed36609a4d1b1d2d97

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetModuleHandleA
FreeResource
lstrlenA
CreateThread
SizeofResource
CreateFileW
LoadResource
FindResourceW
GetCurrentProcess
GetFileAttributesW
GetSystemDirectoryW
lstrcatW
ExitProcess
CreateMutexA
GetLastError
ReleaseMutex
CloseHandle
lstrcpyA
DeleteFileW
GetModuleFileNameA
lstrlenW
Sleep
VirtualAllocEx
VirtualProtectEx
GetModuleHandleW
WriteProcessMemory
LoadLibraryW
GetProcAddress
WriteFile
VirtualQueryEx

user32

LoadIconW
LoadCursorW
RegisterClassExW
CreateWindowExW
UpdateWindow
GetMessageW
TranslateMessage
DispatchMessageW
FindWindowW
ShowWindow
SendMessageW
DefWindowProcW

advapi32

RegOpenKeyExW
RegSetValueExW
RegCloseKey
RegQueryValueExW
RegRestoreKeyW
AdjustTokenPrivileges
LookupPrivilegeValueW
OpenProcessToken
RegCreateKeyExW
CreateServiceW
CloseServiceHandle
DeleteService
OpenServiceW
OpenSCManagerW
StartServiceW
ChangeServiceConfigW
RegDeleteValueW

msvcrt

fread
ftell
fseek
fclose
fopen
strstr
strchr
_except_handler3
realloc
malloc
??2@YAPAXI@Z

Sections

.text
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 117KB - Virtual size: 117KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

a1337f58b90439ed36609a4d1b1d2d97

Headers

File Characteristics

Imports

kernel32

user32

advapi32

msvcrt

Sections

.text Size: 6KB - Virtual size: 6KB

.rdata Size: 2KB - Virtual size: 1KB

.data Size: 1KB - Virtual size: 7KB

.rsrc Size: 117KB - Virtual size: 117KB

.text
Size: 6KB - Virtual size: 6KB

.rdata
Size: 2KB - Virtual size: 1KB

.data
Size: 1KB - Virtual size: 7KB

.rsrc
Size: 117KB - Virtual size: 117KB