d6e3d450e2e4ae951ec4ce29356c5e28_JaffaCakes118

General

Target

d6e3d450e2e4ae951ec4ce29356c5e28_JaffaCakes118
Size

2.6MB
MD5

d6e3d450e2e4ae951ec4ce29356c5e28
SHA1

d75b6b30030d7acdcd355a568135b11d440e049a
SHA256

6d06edc16c21b6668a17425db1d043e107b65da4c6bac4e1bbcccd429f22859e
SHA512

545d82ca86e6ca1207adf59e5e166bd0cfb2bf05be06e70fd4a140d6d514dcbb35983065238886ec925a8e7e5e70219d6a7bd3ae0ff2b35bfe403343bc977a0a
SSDEEP

49152:Kto7DZTXBy5zktnJQjLdV/LJ1plNvx03sQF9j+1eB+lbwkC5u+NiVU31:m+NT0AtC33jfBC9KEBcr1+l1

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
d6e3d450e2e4ae951ec4ce29356c5e28_JaffaCakes118

Files

d6e3d450e2e4ae951ec4ce29356c5e28_JaffaCakes118
.exe windows:4 windows x86 arch:x86

2e7bfa084f9255ba1307dadf4a9aa40a

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

CloseHandle
CopyFileA
CreateDirectoryA
CreateEventA
CreateFileA
DeleteCriticalSection
EnterCriticalSection
ExitProcess
FormatMessageA
FreeEnvironmentStringsA
GetCurrentProcess
GetCurrentProcessId
GetDateFormatA
GetFileAttributesA
GetLastError
GetModuleHandleA
GetPrivateProfileSectionA
GetProcAddress
GetProcessHeap
GetStartupInfoA
GetStdHandle
GetSystemDirectoryA
GetSystemInfo
GetTickCount
GetVersionExA
GetWindowsDirectoryA
GlobalFree
HeapCreate
HeapDestroy
InterlockedCompareExchange
InterlockedDecrement
InterlockedExchange
IsValidCodePage
IsValidLocale
LCMapStringA
LoadLibraryA
LoadResource
LocalFree
MapViewOfFile
Module32First
Module32Next
MulDiv
MultiByteToWideChar
OpenProcess
QueryPerformanceCounter
RemoveDirectoryA
SetCurrentDirectoryA
SetEnvironmentVariableA
SetErrorMode
SetPriorityClass
SetStdHandle
TlsFree
VirtualAlloc
VirtualProtect
WideCharToMultiByte
lstrcatA
lstrcmpA
lstrcmpiA

user32

GetWindowPlacement
InvalidateRect
LoadStringA
MessageBoxA

advapi32

FreeSid
RegEnumValueA

Sections

.text
Size: 2.6MB - Virtual size: 2.6MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 4.4MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.DATA
Size: 8KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 2KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

2e7bfa084f9255ba1307dadf4a9aa40a

Headers

File Characteristics

Imports

kernel32

user32

advapi32

Sections

.text Size: 2.6MB - Virtual size: 2.6MB

.data Size: 1024B - Virtual size: 4.4MB

.DATA Size: 8KB - Virtual size: 12KB

.idata Size: 2KB - Virtual size: 4KB

.rsrc Size: 2KB - Virtual size: 2KB

.text
Size: 2.6MB - Virtual size: 2.6MB

.data
Size: 1024B - Virtual size: 4.4MB

.DATA
Size: 8KB - Virtual size: 12KB

.idata
Size: 2KB - Virtual size: 4KB

.rsrc
Size: 2KB - Virtual size: 2KB