d3834728c4218932c173f913133508c4_JaffaCakes118

General

Target

d3834728c4218932c173f913133508c4_JaffaCakes118
Size

136KB
MD5

d3834728c4218932c173f913133508c4
SHA1

0e89e11f95420f20798bc22d490fb2e9f41c2a7e
SHA256

e3878ce89a649cb83fad3ef358964026e81b497c61533620e0acdec8287a1d95
SHA512

034d248b7582912e9732a452b55d2651c11b0945da6a69cbe38b85c59c1f8f8d5249a0e6e2570256b6fc4c18548171fff904d0e39ee500e50133c180138c2e62
SSDEEP

96:Y77JDXwDX8dGTg1sVet1q1Im2YXflIs8Kry:Y72Tg1sa1qVXflI1Kry

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
d3834728c4218932c173f913133508c4_JaffaCakes118

Files

d3834728c4218932c173f913133508c4_JaffaCakes118
.exe windows:0 windows x86 arch:x86

434b107d29447f9565567c7e1a178ebb

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

AssignProcessToJobObject
BasepCheckWinSaferRestrictions
BeginUpdateResourceA
BuildCommDCBAndTimeoutsA
BuildCommDCBAndTimeoutsW
CheckRemoteDebuggerPresent
CloseHandle
CloseProfileUserMapping
CmdBatNotification
CompareStringA
CopyLZFile
CreateEventA
CreateFileA
CreateFileW
CreateHardLinkW
CreateJobObjectA
DeleteFileA
DeleteTimerQueueEx
DisableThreadLibraryCalls
DisconnectNamedPipe
DuplicateHandle
EnumSystemCodePagesA
EnumerateLocalComputerNamesA
EraseTape
EscapeCommFunction
ExtendVirtualBuffer
FatalAppExitW
FindClose
FindNextChangeNotification
FindNextFileW
FindVolumeClose
FlushFileBuffers
FlushViewOfFile
FreeConsole
FreeEnvironmentStringsA
GenerateConsoleCtrlEvent
GetAtomNameA
GetCompressedFileSizeW
GetConsoleAliasA
GetConsoleAliasExesLengthA
GetConsoleAliasW
GetConsoleCharType
GetConsoleInputExeNameW
GetConsoleOutputCP
GetConsoleSelectionInfo
GetCurrentThread
GetDateFormatW
GetDiskFreeSpaceExA
GetEnvironmentVariableA
GetFileType
GetFirmwareEnvironmentVariableA
GetFirmwareEnvironmentVariableW
GetFullPathNameA
GetModuleFileNameA
GetModuleHandleA
GetNamedPipeHandleStateA
GetNamedPipeInfo
GetNumaAvailableMemory
GetNumaProcessorMap
GetPrivateProfileSectionNamesW
GetPrivateProfileStringW
GetProcAddress
GetProcessId
GetProfileIntW
GetShortPathNameA
GetStdHandle
GetStringTypeA
GetSystemDefaultUILanguage
GetSystemTime
GetSystemWow64DirectoryA
GetThreadPriorityBoost
GetUserDefaultLCID
GetUserDefaultLangID
GetVersionExW
GetVolumeNameForVolumeMountPointW
GetVolumePathNamesForVolumeNameW
GlobalAlloc
GlobalFix
GlobalFree
GlobalReAlloc
GlobalUnfix
HeapFree
HeapQueryInformation
HeapSetInformation
HeapUnlock
HeapUsage
InitAtomTable
IsDebuggerPresent
LZDone
LoadLibraryA
LoadLibraryExW
LocalAlloc
LocalFree
LocalHandle
LockFile
LockResource
MulDiv
OpenFile
OpenProfileUserMapping
PeekConsoleInputA
Process32Next
QueryDosDeviceW
QueryMemoryResourceNotification
ReadConsoleA
ReadConsoleInputW
ReadConsoleOutputCharacterA
ReadConsoleOutputW
ReadFileEx
RegisterWowExec
ReplaceFileA
ResumeThread
RtlMoveMemory
SetCalendarInfoA
SetComputerNameA
SetConsoleInputExeNameA
SetConsoleMaximumWindowSize
SetConsoleNumberOfCommandsW
SetErrorMode
SetMessageWaitingIndicator
SetSystemPowerState
SetTapePosition
SetThreadContext
SetThreadIdealProcessor
SetThreadUILanguage
SetUnhandledExceptionFilter
SetVDMCurrentDirectories
SetVolumeMountPointW
SetWaitableTimer
SignalObjectAndWait
SleepEx
TerminateJobObject
Thread32First
TlsSetValue
UTRegister
UnlockFile
VDMOperationStarted
ValidateLCType
VirtualProtectEx
WaitCommEvent
WriteConsoleA
WritePrivateProfileStructW
_lwrite
lstrcmp
lstrcmpiW

Sections

.text
Size: 132KB - Virtual size: 131KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

434b107d29447f9565567c7e1a178ebb

Headers

File Characteristics

Imports

kernel32

Sections

.text Size: 132KB - Virtual size: 131KB

.text
Size: 132KB - Virtual size: 131KB