da2cf61055c00b23ed970fc47270d0d3_JaffaCakes118

General

Target

da2cf61055c00b23ed970fc47270d0d3_JaffaCakes118
Size

266KB
MD5

da2cf61055c00b23ed970fc47270d0d3
SHA1

d887af8354cc2e9007e10fbfb4baa9b102813fcc
SHA256

d7bdcf43f9dcd0566d0107e2750c56175c26008392ca24b603e4b70efd38738b
SHA512

07c1a33c3cf12f6a0a21130b42dd89a75f12ba47d25482dbb1035ffa8a8df77040ed722858300bf2e9394b01d6263c33de538aef107211947f97ec6991bdd58b
SSDEEP

6144:1DRbvP4swiYVgpNpypAq35+U7E9b70UtlXjc+8:1lPPFYqNgAq3AU7E90an8

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
da2cf61055c00b23ed970fc47270d0d3_JaffaCakes118

Files

da2cf61055c00b23ed970fc47270d0d3_JaffaCakes118
.exe windows:5 windows x86 arch:x86

ebc67e1aacc75660fa90a9376a36b75c

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

ntdll

ZwQueryInformationThread
NtSetSystemInformation
NtOpenEvent
NtResumeThread
NtProtectVirtualMemory
RtlExitUserThread
RtlCancelTimer

kernel32

GetCurrentProcessId
FormatMessageA
ResetEvent
DeleteCriticalSection
HeapFree
GetThreadPriority
CreateMutexA
VirtualProtect
LockFileEx
GetSystemTimeAsFileTime
lstrlenA
GlobalFree
GetSystemTimeAsFileTime
FindFirstChangeNotificationW
SetStdHandle
WritePrivateProfileStringA
VirtualQuery
Module32Next
GetShortPathNameW
GetFileType
GetStdHandle
GlobalAlloc
SetPriorityClass
GetLongPathNameW
GlobalUnlock
LoadLibraryA
MoveFileWithProgressW
MoveFileExA
IsDebuggerPresent
GetDateFormatA
Sleep
GetConsoleMode
GetProcAddress
CloseHandle
GetCommandLineA
GetProcessTimes
GetCurrentDirectoryA
LoadResource
FindNextChangeNotification
GetLongPathNameA
CreateDirectoryW
WriteFile
FindNextFileW
HeapAlloc
VirtualAlloc
GetVersion
GetACP
DebugBreak
HeapSize
CreateProcessW
IsProcessorFeaturePresent
FindResourceA
QueryPerformanceFrequency
SystemTimeToFileTime
GetFileSize
InterlockedDecrement
LoadLibraryW
RaiseException
GetOEMCP
CreateThread
CreateToolhelp32Snapshot

Sections

.text
Size: 203KB - Virtual size: 203KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 59KB - Virtual size: 59KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 5KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

ebc67e1aacc75660fa90a9376a36b75c

Headers

DLL Characteristics

File Characteristics

Imports

ntdll

kernel32

Sections

.text Size: 203KB - Virtual size: 203KB

.data Size: 59KB - Virtual size: 59KB

.rsrc Size: 5KB - Virtual size: 8KB

.text
Size: 203KB - Virtual size: 203KB

.data
Size: 59KB - Virtual size: 59KB

.rsrc
Size: 5KB - Virtual size: 8KB