da6fcc4a2493afd3c8f618b8fa30db20_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

da6fcc4a2493afd3c8f618b8fa30db20_JaffaCakes118
Size

1.6MB
MD5

da6fcc4a2493afd3c8f618b8fa30db20
SHA1

841fa4e385963381935df4676c860852920c4965
SHA256

89bbd37b446b73079b9854b1f0e02b6094dda1d1956c9d294af72275ab2ae612
SHA512

1ad1d6d18961a3ab5d83a800b1d22176a55c32016ae30f20be40181ad9dbe2b09393d23f931251f9b1b31fc35365bfb2d746319929a2f29d7478b7e508151e67
SSDEEP

49152:aouPR4jBRtedDgCXcxwXKxBpUST8R1CSZu:aBGjvUVgaOp/RSZu

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
da6fcc4a2493afd3c8f618b8fa30db20_JaffaCakes118

Files

da6fcc4a2493afd3c8f618b8fa30db20_JaffaCakes118
.exe windows:4 windows x86 arch:x86

36a349c70f110c473512c33ba338c61c

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

lstrcpyA
EnumResourceNamesW
SwitchToFiber
GlobalFindAtomW
PulseEvent
GetTapeParameters
GlobalReAlloc
GetProcessHeap
MultiByteToWideChar
FindResourceExA
OutputDebugStringA
GetCompressedFileSizeW
SetProcessShutdownParameters
QueryDosDeviceA
IsBadReadPtr
GetStringTypeExW
SetConsoleCursorPosition
GetBinaryTypeA
GetTickCount
GetTapeStatus
GetACP
CreateEventA
PrepareTape
ReadConsoleOutputA
CreateMutexA
SetEnvironmentVariableA
SetupComm
GlobalFindAtomA
LeaveCriticalSection
FlushFileBuffers
SetVolumeLabelA
GlobalFlags
ReadConsoleInputW
ReleaseMutex
SetCommTimeouts
GetCommConfig
ScrollConsoleScreenBufferA
AreFileApisANSI
ConnectNamedPipe
GetShortPathNameA
SizeofResource
InitializeCriticalSection
IsValidLocale
SetFileTime
GetOEMCP
lstrcatW
EraseTape
SetLastError
GlobalGetAtomNameW
SetNamedPipeHandleState
CompareStringA
VirtualQuery
VirtualAlloc
FindNextChangeNotification
WritePrivateProfileStringA
IsProcessorFeaturePresent
GetLogicalDriveStringsA
ExitProcess

user32

GetScrollRange
DrawTextExA
WaitForInputIdle

ws2_32

WSALookupServiceEnd
accept
ioctlsocket
htonl
WSAGetServiceClassInfoW
WSAAsyncGetProtoByNumber

comctl32

ImageList_SetOverlayImage
CreateStatusWindowW
ImageList_LoadImageW

comdlg32

ReplaceTextA
ReplaceTextW

version

GetFileVersionInfoA
VerQueryValueA
VerInstallFileA

Sections

.text
Size: 4KB - Virtual size: 221KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1.3MB - Virtual size: 1.3MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 17KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

36a349c70f110c473512c33ba338c61c

Headers

File Characteristics

Imports

kernel32

user32

ws2_32

comctl32

comdlg32

version

Sections

.text Size: 4KB - Virtual size: 221KB

.rdata Size: 2KB - Virtual size: 2KB

.data Size: 1.3MB - Virtual size: 1.3MB

.rsrc Size: 17KB - Virtual size: 16KB

.text
Size: 4KB - Virtual size: 221KB

.rdata
Size: 2KB - Virtual size: 2KB

.data
Size: 1.3MB - Virtual size: 1.3MB

.rsrc
Size: 17KB - Virtual size: 16KB