Static task
static1
Behavioral task
behavioral1
Sample
d5350fef4610ea62e842d922e1913527_JaffaCakes118.exe
Resource
win7-20240708-en
Behavioral task
behavioral2
Sample
d5350fef4610ea62e842d922e1913527_JaffaCakes118.exe
Resource
win10v2004-20240802-en
General
Target
d5350fef4610ea62e842d922e1913527_JaffaCakes118
Size
162KB
MD5
d5350fef4610ea62e842d922e1913527
SHA1
c399bed1caafe2f029b3f87215e680b481401014
SHA256
c35020aaa1af698408bb2805d1c9a576e70744be653c32959338c5b83161f4f8
SHA512
3b019b717fb8b7e2ba7b911b7349a20d884509061dda0d779f8a843f8b994109d7b22c15b621ac9e4c378b7783275f58dc48dc892e669b8a26e4f27785aaf0f5
SSDEEP
3072:umHt5MJfjLor+/zl6n5sSRWbX4lV6DMSeoupFd2ojZRcxz6LuDRWQlW4KF:umHt5kfjLH/zl6naSWbXDIRoOFgEYO+2
Malware Config
Signatures
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource d5350fef4610ea62e842d922e1913527_JaffaCakes118
Files
d5350fef4610ea62e842d922e1913527_JaffaCakes118.exe windows:4 windows x86 arch:x86
0c34df9f6eddc4be7c0ed1b5fc7963c8
Headers
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
Imports
msvcrt
_filelengthi64
printf
strtok
remove
sqrt
_acmdln
_strlwr
_except_handler3
__setusermatherr
__getmainargs
strerror
_adjust_fdiv
wcstol
__set_app_type
_XcptFilter
log
_onexit
strrchr
_initterm
_exit
_putenv
__p__commode
__p__fmode
_isatty
exit
ungetc
isleadbyte
kernel32
FileTimeToDosDateTime
GetModuleHandleA
GetModuleFileNameW
WriteConsoleA
GetModuleHandleW
GetStartupInfoA
VirtualProtect
GetCPInfo
GetFileType
GetCommandLineA
WideCharToMultiByte
GetThreadLocale
lstrcmpiW
IsDebuggerPresent
SetFilePointer
InterlockedDecrement
SetFileAttributesA
GlobalReAlloc
CreateProcessW
VirtualFree
user32
GetMenu
GetForegroundWindow
RegisterClipboardFormatA
GetClassInfoA
FindWindowA
GetSysColorBrush
IntersectRect
UpdateWindow
CallNextHookEx
CheckMenuItem
DestroyCursor
ShowWindow
ScrollWindow
SetCursor
DestroyIcon
IsChild
GetMessagePos
oleaut32
VariantCopyInd
SysAllocStringLen
SafeArrayPtrOfIndex
VariantClear
SysStringLen
SysAllocStringByteLen
SafeArrayPutElement
GetErrorInfo
LoadTypeLib
GetActiveObject
SafeArrayRedim
SysStringByteLen
SafeArrayUnaccessData
SysReAllocStringLen
SafeArrayGetElement
advapi32
CopySid
AddAccessAllowedAce
RegCreateKeyA
OpenProcessToken
SetSecurityDescriptorOwner
GetSecurityDescriptorDacl
RegDeleteValueA
InitiateSystemShutdownA
GetTokenInformation
RegQueryInfoKeyA
OpenThreadToken
QueryServiceStatus
ControlService
SetSecurityDescriptorGroup
Sections
.text Size: 107KB - Virtual size: 106KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.data Size: 29KB - Virtual size: 29KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 24KB - Virtual size: 23KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ