d385f85141f34270d17134fe168fe65b_JaffaCakes118

General

Target

d385f85141f34270d17134fe168fe65b_JaffaCakes118
Size

224KB
MD5

d385f85141f34270d17134fe168fe65b
SHA1

c2f7f61133d1a86178d7925b6e321c84df846796
SHA256

2022cfe6b486c2c3a8b529804aeafccd92784138b698ccd684342335d2fb1aea
SHA512

25fb35919cff72073f2ed82f3627c91a46b68240c0dc9c3e59fcdbf4959f2feacb905b0699cd5467bf0553697bb191e8827e9a9509732444f9e5431dae8abebb
SSDEEP

6144:UaStZ6ezsoUZPki9CZP8goJlOn1vMRA3q7FE:UBuEjZ0rJlAMRDm

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
d385f85141f34270d17134fe168fe65b_JaffaCakes118

Files

d385f85141f34270d17134fe168fe65b_JaffaCakes118
.exe windows:4 windows x86 arch:x86

9387f1d4bbf496b9e7389d7218311fd6

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

TlsGetValue
GetLastError
VirtualFree
VirtualAlloc
GetModuleFileNameA
FlushFileBuffers
ReleaseMutex
WaitForSingleObject
GetFileAttributesA
VirtualProtect
LoadLibraryA
LocalReAlloc
VirtualLock
GetProcAddress
GetPriorityClass
GetModuleHandleA
HeapLock
ResetEvent
SetFileApisToANSI
SuspendThread
GetLocaleInfoA
GetStringTypeW
GetStringTypeA
LCMapStringW
MultiByteToWideChar
LCMapStringA
GetSystemTimeAsFileTime
GetCurrentProcessId
GetCurrentThreadId
GetTickCount
QueryPerformanceCounter
HeapSize
VirtualQuery
InterlockedExchange
RtlUnwind
HeapReAlloc
HeapAlloc
GetCPInfo
GetOEMCP
GetACP
GetSystemInfo
GetStartupInfoA
GetCommandLineA
GetVersionExA
ExitProcess
TerminateProcess
GetCurrentProcess
WriteFile
GetStdHandle
UnhandledExceptionFilter
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStringsW
SetHandleCount
GetFileType
HeapDestroy
HeapCreate
HeapFree

user32

EnumChildWindows
GetDesktopWindow
GetDC
GetCursorPos
LoadCursorA
UpdateWindow
ReleaseDC
CreateIcon
IsIconic
SetCursorPos
GetWindowRect
SetCursor
IsChild
InSendMessage
LoadBitmapA
SetTimer

psapi

EnumProcessModules
GetModuleBaseNameA

msvfw32

ICRemove

Sections

.text
Size: 20KB - Virtual size: 16KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 76KB - Virtual size: 73KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 116KB - Virtual size: 114KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

9387f1d4bbf496b9e7389d7218311fd6

Headers

File Characteristics

Imports

kernel32

user32

psapi

msvfw32

Sections

.text Size: 20KB - Virtual size: 16KB

.rdata Size: 76KB - Virtual size: 73KB

.data Size: 8KB - Virtual size: 5KB

.rsrc Size: 116KB - Virtual size: 114KB

.text
Size: 20KB - Virtual size: 16KB

.rdata
Size: 76KB - Virtual size: 73KB

.data
Size: 8KB - Virtual size: 5KB

.rsrc
Size: 116KB - Virtual size: 114KB