d709a7e4607ce0408073d1938ebd8303_JaffaCakes118

General

Target

d709a7e4607ce0408073d1938ebd8303_JaffaCakes118
Size

376KB
MD5

d709a7e4607ce0408073d1938ebd8303
SHA1

a69c0d21ba9452c488fa00e10c76bd836103f9e5
SHA256

4f3be28dd7bd7e91e594634c94fd04c4e49cff09d420719baf318000ba19d01d
SHA512

2a1dc948caf4b21ec9ede23c687bfad18cd82ec147627712615e50b98af3e8c73d2a02dae6bc06f3421094324484f3b2c76922b1a4f9d7a1d8f489684b4773be
SSDEEP

6144:dJDNMosqZ9w7v4nvToPBB7OgXgM+T4OHW97JJVhWgsvK/sqnO/XBi0Xjyl:jDNqqPw7v4nvMPL3QM+T+lWgb/sqO/Xb

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
d709a7e4607ce0408073d1938ebd8303_JaffaCakes118

Files

d709a7e4607ce0408073d1938ebd8303_JaffaCakes118
.exe windows:4 windows x86 arch:x86

27674d2ef933abaff6098f5762351eb5

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

IsBadReadPtr
InterlockedExchange
GetACP
GetLocaleInfoA
GetVersionExA
MultiByteToWideChar
WideCharToMultiByte
RaiseException
GetLastError
InitializeCriticalSection
DeleteCriticalSection
GetVolumeInformationA
WriteFile
CreateFileA
SizeofResource
LockResource
LoadResource
FindResourceA
CopyFileA
SetCurrentDirectoryA
CreateMutexA
OpenMutexA
ExitProcess
GetProcessHeap
CloseHandle
FlushFileBuffers
GetStringTypeW
GetStringTypeA
LCMapStringW
LCMapStringA
SetStdHandle
RtlUnwind
HeapAlloc
HeapFree
VirtualProtect
VirtualAlloc
GetSystemInfo
VirtualQuery
MoveFileA
GetModuleHandleA
GetStartupInfoA
GetCommandLineA
QueryPerformanceCounter
GetTickCount
GetCurrentThreadId
GetCurrentProcessId
GetSystemTimeAsFileTime
GetModuleFileNameA
SetUnhandledExceptionFilter
HeapDestroy
HeapCreate
VirtualFree
HeapReAlloc
IsBadWritePtr
GetProcAddress
TerminateProcess
GetCurrentProcess
HeapSize
GetStdHandle
UnhandledExceptionFilter
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
SetHandleCount
GetFileType
LoadLibraryA
IsBadCodePtr
SetFilePointer
GetOEMCP
GetCPInfo

shell32

ShellExecuteA

shlwapi

PathFileExistsA

Sections

.쫷�
Size: 364KB - Virtual size: 362KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 8KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

27674d2ef933abaff6098f5762351eb5

Headers

File Characteristics

Imports

kernel32

shell32

shlwapi

Sections

.쫷� Size: 364KB - Virtual size: 362KB

.rsrc Size: 8KB - Virtual size: 6KB

.쫷�
Size: 364KB - Virtual size: 362KB

.rsrc
Size: 8KB - Virtual size: 6KB