da64baf508bbdb4d030018cfe83cad55_JaffaCakes118

General

Target

da64baf508bbdb4d030018cfe83cad55_JaffaCakes118
Size

44KB
MD5

da64baf508bbdb4d030018cfe83cad55
SHA1

ea316f51b4dd0d266ad59c3cb14e8d0f6968873a
SHA256

d301882d32739fb13d4585a54b8ecd3ebd9c6ec0840c34e542e61135421ccac5
SHA512

f7a3a77f6497c4cb785ac5704d3003a4aa743b30e8a176c9f6cef49c0d53920842762669827004f36081ff4e1c4935fb50bc30c6473fc28ca51f38e389a74ddc
SSDEEP

768:7a0UDQ5vTICaQkEA5gU5/pSAG5CfcEkm0X3aR/17Tx3UEb/aj0TI:7a0jTMBgUpSAG5ZXbU/VTxEETjT

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
da64baf508bbdb4d030018cfe83cad55_JaffaCakes118

Files

da64baf508bbdb4d030018cfe83cad55_JaffaCakes118
.exe windows:4 windows x86 arch:x86

eab237ceab92afcda175fa666782c348

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

CloseHandle
CreateDirectoryA
CreateEventA
DeleteCriticalSection
ExitProcess
FindNextFileA
FlushFileBuffers
FreeLibrary
GetACP
GetCommandLineA
GetConsoleMode
GetConsoleOutputCP
GetCurrentProcess
GetCurrentProcessId
GetCurrentThread
GetFileTime
GetFullPathNameA
GetModuleFileNameA
GetPrivateProfileSectionNamesA
GetPrivateProfileStringA
GetPrivateProfileStructA
GetProcessHeap
GetSystemDirectoryA
GetSystemTimeAsFileTime
GetThreadTimes
GetVersionExA
GlobalAlloc
GlobalUnlock
HeapAlloc
HeapCreate
HeapFree
HeapReAlloc
HeapSize
InterlockedCompareExchange
InterlockedDecrement
IsBadReadPtr
LoadLibraryA
LocalAlloc
LocalFree
Module32First
Module32Next
QueryPerformanceCounter
ReadFile
ResetEvent
ResumeThread
SetEndOfFile
SetEnvironmentVariableA
SetLastError
Sleep
TlsFree
TlsSetValue
UnhandledExceptionFilter
VirtualProtect
VirtualQuery
WriteFile
lstrcmpA

user32

DrawIcon
EnableMenuItem
EndDialog
InvalidateRect
MsgWaitForMultipleObjects
RegisterClassExA

advapi32

AllocateAndInitializeSid
CloseServiceHandle
DeleteService
EqualSid
GetSecurityDescriptorControl
OpenSCManagerA
RegDeleteValueA
RegEnumValueA
RegFlushKey

Sections

.text
Size: 26KB - Virtual size: 26KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.DATA
Size: 8KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 6KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 2KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

eab237ceab92afcda175fa666782c348

Headers

File Characteristics

Imports

kernel32

user32

advapi32

Sections

.text Size: 26KB - Virtual size: 26KB

.DATA Size: 8KB - Virtual size: 16KB

.data Size: 6KB - Virtual size: 8KB

.idata Size: 2KB - Virtual size: 4KB

.text
Size: 26KB - Virtual size: 26KB

.DATA
Size: 8KB - Virtual size: 16KB

.data
Size: 6KB - Virtual size: 8KB

.idata
Size: 2KB - Virtual size: 4KB