db561e570fdfb91538a4b640b183b8a7_JaffaCakes118

General

Target

db561e570fdfb91538a4b640b183b8a7_JaffaCakes118
Size

40KB
MD5

db561e570fdfb91538a4b640b183b8a7
SHA1

9cd5f32239a66547e3e629d1bf74499c837ccd4a
SHA256

37bcac86448d66551f873ce0fb315a9295808856d77d485fb14f3e083f0614a8
SHA512

0f488c10d88b35bea742573bb108464a7acd8f1dadbfafc476156318df583cd1b8af73d849d27cc6b5864ee2b6e190b1572b3518bd5c96c25a53a103052d7e39
SSDEEP

384:1qp6hOxbOslC7ZneRhnljtme+Rf55y0DNOohesaZWd0W:wfxCfAryJn1DNOaesH

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
db561e570fdfb91538a4b640b183b8a7_JaffaCakes118

Files

db561e570fdfb91538a4b640b183b8a7_JaffaCakes118
.exe windows:4 windows x86 arch:x86

46bc552fb433ead9c4fbf4f1ecb56cb8

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetProcAddress
GetModuleHandleA
WriteProcessMemory
VirtualAllocEx
CreateRemoteThread
Process32Next
Process32First
CreateToolhelp32Snapshot
GetWindowsDirectoryA
CreateProcessA
GetCurrentProcess
lstrlenA
GetModuleFileNameA
FindFirstFileA
CloseHandle
OpenProcess
GetFileAttributesA
ExitProcess
TerminateProcess
GetCommandLineA
GetVersion
UnhandledExceptionFilter
FreeEnvironmentStringsA
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStrings
GetEnvironmentStringsW
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
GetEnvironmentVariableA
GetVersionExA
HeapDestroy
HeapCreate
VirtualFree
HeapFree
RtlUnwind
WriteFile
HeapAlloc
GetCPInfo
GetACP
GetOEMCP
VirtualAlloc
HeapReAlloc
LoadLibraryA
MultiByteToWideChar
LCMapStringA
LCMapStringW
GetStringTypeA
GetStringTypeW

advapi32

LookupPrivilegeValueA
AdjustTokenPrivileges
RegCreateKeyExA
RegOpenKeyExA
RegSetValueExA
RegCloseKey
RegDeleteKeyA
OpenProcessToken

Sections

.text
Size: 16KB - Virtual size: 15KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 1016B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

46bc552fb433ead9c4fbf4f1ecb56cb8

Headers

File Characteristics

Imports

kernel32

advapi32

Sections

.text Size: 16KB - Virtual size: 15KB

.rdata Size: 4KB - Virtual size: 2KB

.data Size: 12KB - Virtual size: 10KB

.rsrc Size: 4KB - Virtual size: 1016B

.text
Size: 16KB - Virtual size: 15KB

.rdata
Size: 4KB - Virtual size: 2KB

.data
Size: 12KB - Virtual size: 10KB

.rsrc
Size: 4KB - Virtual size: 1016B