d3e8c8a306297bf00dcd7a2e6fba57a6_JaffaCakes118

General

Target

d3e8c8a306297bf00dcd7a2e6fba57a6_JaffaCakes118
Size

36KB
MD5

d3e8c8a306297bf00dcd7a2e6fba57a6
SHA1

6e313d59495493769a9973da5c8c45cf1f46f1c5
SHA256

b276a6d0bdb7c185026119cbf835291f3fe70f25217e12368cf4b18677b96383
SHA512

f490dda595acfcc45b525d331fb62da73c4d971fc49a0ec0c0cb372e28495809cb96901cf75fe6c37fc620bac44bac27010caa8bd48dfc57c3a244e64123277f
SSDEEP

768:AtctL8g9OZnaANh2Hvhws8Q72gjv4AxseIcX:At/g4Y+hpuvrsh

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
d3e8c8a306297bf00dcd7a2e6fba57a6_JaffaCakes118

Files

d3e8c8a306297bf00dcd7a2e6fba57a6_JaffaCakes118
.exe windows:4 windows x86 arch:x86

ad05cf1d580db87e85a5122f4db48ca8

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

FindResourceA
GetCurrentDirectoryA
GetModuleHandleA
GetStringTypeA
LoadResource
LCMapStringA
MultiByteToWideChar
LoadLibraryA
GetProcAddress
LockResource
SizeofResource
DeleteFileA
GetCurrentThreadId
DeviceIoControl
Sleep
OutputDebugStringA
GetCurrentProcess
GetVersion
CreateFileA
CloseHandle
LCMapStringW
GetLastError
GetOEMCP
GetACP
GetCPInfo
IsBadCodePtr
IsBadReadPtr
SetUnhandledExceptionFilter
GetStringTypeW
IsBadWritePtr
HeapReAlloc
VirtualAlloc
WriteFile
VirtualFree
RtlUnwind
GetStartupInfoA
GetCommandLineA
ExitProcess
HeapFree
HeapAlloc
TerminateProcess
UnhandledExceptionFilter
GetModuleFileNameA
FreeEnvironmentStringsA
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStrings
GetEnvironmentStringsW
SetHandleCount
GetStdHandle
GetFileType
HeapDestroy
HeapCreate

user32

GetFocus
AttachThreadInput
GetWindowThreadProcessId
GetWindowTextA
GetForegroundWindow

advapi32

GetTokenInformation
AllocateAndInitializeSid
EqualSid
FreeSid
OpenSCManagerA
OpenServiceA
StartServiceA
CreateServiceA
CloseServiceHandle
OpenProcessToken

msvcrt

_iob
??1type_info@@UAE@XZ
_purecall
_sopen
_lseek
_read
_write
_close
fflush

Sections

.data
Size: 29KB - Virtual size: 29KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 6KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

ad05cf1d580db87e85a5122f4db48ca8

Headers

File Characteristics

Imports

kernel32

user32

advapi32

msvcrt

Sections

.data Size: 29KB - Virtual size: 29KB

.rsrc Size: 6KB - Virtual size: 5KB

.data
Size: 29KB - Virtual size: 29KB

.rsrc
Size: 6KB - Virtual size: 5KB