d532d4e1dc4a8f0befb6908cc013590d_JaffaCakes118

General

Target

d532d4e1dc4a8f0befb6908cc013590d_JaffaCakes118
Size

188KB
MD5

d532d4e1dc4a8f0befb6908cc013590d
SHA1

1167d715c1a0774c2f1f3d461679ef0bfad77e72
SHA256

42ba738539b82f7c1eeb423c639a589f433d0f6ab12636cdf56fb9ac39c33ad3
SHA512

0a9cb2ee9302facd1c0f4661a575929beade965574c24413c9084c9484f3b142fad3a4072e21c3e9da00b436cc67adb5c5351e639afa40957544905d0c688760
SSDEEP

3072:C7+mP819ZwfMQSgpDmZjSf1PbbbKB2t98F/aLqQFDxqiCJYq6BKXzAuWc2XSbQc0:Lmk19EfFmZOtbbKBlaLqsDoH15XzdLTQ

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
d532d4e1dc4a8f0befb6908cc013590d_JaffaCakes118

Files

d532d4e1dc4a8f0befb6908cc013590d_JaffaCakes118
.exe windows:4 windows x86 arch:x86

9b98e4efa03d9b624112d0cf0f3bcc24

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED

Imports

kernel32

MultiByteToWideChar
DeleteCriticalSection
GetThreadPriority
InterlockedDecrement
LCMapStringA
WideCharToMultiByte
InterlockedIncrement
IsDebuggerPresent
WriteConsoleA
GetProcessHeap
GlobalAlloc
WriteConsoleW
HeapFree
SetCommConfig
CloseHandle
IsValidCodePage
LeaveCriticalSection
GetVersionExA
HeapReAlloc
IsValidLocale
HeapSize
TerminateProcess
HeapAlloc
GetCPInfo
SetUnhandledExceptionFilter
GetLocaleInfoW
GetProcAddress
GetFullPathNameW
EnumResourceNamesA
GetCurrentDirectoryW
GetCurrentThreadId
CreateFileA
RaiseException
SetStdHandle
RtlUnwind
GetCommandLineA
ExitProcess
GetConsoleOutputCP
GetUserDefaultLCID
EnumSystemLocalesA
WriteFile
GetCurrentProcess
GetLastError
UnhandledExceptionFilter
Sleep
ReadFile
EnterCriticalSection
SetEndOfFile
LCMapStringW
GetModuleHandleA
GetModuleFileNameW
ExitProcess
InitializeCriticalSection
GetFullPathNameA

user32

GetClassLongA
MessageBoxW

rpcrt4

UuidCreate

advapi32

RegCloseKey
RegCreateKeyExW
RegSetValueExW

shell32

SHFileOperationW
SHCreateDirectoryExW
SHGetFolderPathW

Sections

.text
Size: 154KB - Virtual size: 153KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 31KB - Virtual size: 30KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.crt
Size: 512B - Virtual size: 88KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

9b98e4efa03d9b624112d0cf0f3bcc24

Headers

File Characteristics

Imports

kernel32

user32

rpcrt4

advapi32

shell32

Sections

.text Size: 154KB - Virtual size: 153KB

.rdata Size: 2KB - Virtual size: 1KB

.data Size: 31KB - Virtual size: 30KB

.crt Size: 512B - Virtual size: 88KB

.text
Size: 154KB - Virtual size: 153KB

.rdata
Size: 2KB - Virtual size: 1KB

.data
Size: 31KB - Virtual size: 30KB

.crt
Size: 512B - Virtual size: 88KB