d71e0d1d8737d0782954b408093370c9_JaffaCakes118

General

Target

d71e0d1d8737d0782954b408093370c9_JaffaCakes118
Size

812KB
MD5

d71e0d1d8737d0782954b408093370c9
SHA1

db70d8c243b7f5b6c232353f795b6cf405287198
SHA256

84df41bf44b52006cd41cdd3781afe20bf989fbc59e3141695ecc92fbd371a5d
SHA512

61f00fd480626c1a88509b327d54fadeb58dca40f962b08cdbf7bc29c90c073133b431c08df3b3345ed9d7041b775539a3b9fbb9b6225208fbea2c86f4617b32
SSDEEP

24576:HKKcdRShQ8zrPguM1kPPDmYCUAru/Vbc9rX:HK1dRmQ8wUpFAq/VOj

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
d71e0d1d8737d0782954b408093370c9_JaffaCakes118

Files

d71e0d1d8737d0782954b408093370c9_JaffaCakes118
.exe windows:5 windows x86 arch:x86

50455af8b304cc66f3cbdb582d28de77

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

PDB Paths

c:\installer\x64\temp\temp(32bit)\epstp64u\objfre_wnet_x86\i386\setup.pdb

Imports

kernel32

lstrcpyA
lstrcatA
lstrlenA
lstrcmpiA
GlobalAlloc
GlobalFree
FreeLibrary
GetCurrentProcess
GetLastError
GetCurrentThread
GetProcAddress
LoadLibraryA
WriteFile
CreateFileA
CloseHandle
GetSystemDirectoryA
GetTempPathA
GetVersionExA
FindClose
FindFirstFileA
LockResource
SizeofResource
LoadResource
FindResourceA
CopyFileA
GetModuleFileNameA
DeleteFileA
SetFileAttributesA
GetFileAttributesA
SetEnvironmentVariableA
GetExitCodeProcess
WaitForSingleObject
CreateProcessA
GetPrivateProfileStringA
Sleep
LoadLibraryExA
GetCommandLineA
SetFilePointer
SetEndOfFile
ReadFile
SetFileTime
LocalFileTimeToFileTime
DosDateTimeToFileTime

user32

MessageBoxA
wvsprintfA

shlwapi

StrRChrIA
StrChrIA
StrCmpNIA
StrStrA

Sections

.text
Size: 29KB - Virtual size: 29KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 9KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 772KB - Virtual size: 772KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

50455af8b304cc66f3cbdb582d28de77

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

user32

shlwapi

Sections

.text Size: 29KB - Virtual size: 29KB

.data Size: 9KB - Virtual size: 12KB

.rsrc Size: 772KB - Virtual size: 772KB

.text
Size: 29KB - Virtual size: 29KB

.data
Size: 9KB - Virtual size: 12KB

.rsrc
Size: 772KB - Virtual size: 772KB