e6171ba73ecfcd660054a5a873ffa900_JaffaCakes118

General

Target

e6171ba73ecfcd660054a5a873ffa900_JaffaCakes118
Size

203KB
MD5

e6171ba73ecfcd660054a5a873ffa900
SHA1

39d7d6c6918a7cf686bc0b0aefed8aced3762563
SHA256

404b72f83dc1fd9cc9b121b876743bbb31bc40d39f0085b69229c6a1a0a8e0f2
SHA512

55260f09962fc5c44829e28df8b30a68a0158f9f6ccf9b2d922c591f8fd4f1899ee6b07ca1f44b1e1c0c12a6727efd9c01ce41938db0acb6a18a5d42a51716e6
SSDEEP

6144:dl4DmkTCQaN6Q2i6KLEz4ko9QxMtUHGl7KIJ:TGmQiM0C4kyXplJ

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
e6171ba73ecfcd660054a5a873ffa900_JaffaCakes118

Files

e6171ba73ecfcd660054a5a873ffa900_JaffaCakes118
.exe windows:5 windows x86 arch:x86

51c392294e51bb028ac217f0f584545f

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

FEW0Ec2v.pdb

Imports

kernel32

GetCommandLineA
GlobalSize
GetCurrentProcessorNumber
GetHandleInformation
Thread32Next
GetCommConfig
MoveFileExW
OpenThread

user32

GetAncestor
GetMenuContextHelpId
AnyPopup
GetParent
GetUpdateRect
GetQueueStatus
GetFocus
VkKeyScanA
CharPrevExA
LookupIconIdFromDirectoryEx
GetKeyNameTextW
GetSysColor

advapi32

GetSecurityDescriptorLength
CryptEncrypt
GetOldestEventLogRecord
AdjustTokenGroups

gdi32

SetViewportExtEx
GetFontLanguageInfo

winscard

SCardForgetCardTypeW

pdh

PdhAddCounterW

Sections

.text
Size: 14KB - Virtual size: 13KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 59KB - Virtual size: 59KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 62KB - Virtual size: 65KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.CRT
Size: 59KB - Virtual size: 59KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

51c392294e51bb028ac217f0f584545f

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

user32

advapi32

gdi32

winscard

pdh

Sections

.text Size: 14KB - Virtual size: 13KB

.rdata Size: 59KB - Virtual size: 59KB

.data Size: 62KB - Virtual size: 65KB

.CRT Size: 59KB - Virtual size: 59KB

.rsrc Size: 3KB - Virtual size: 2KB

.reloc Size: 4KB - Virtual size: 3KB

.text
Size: 14KB - Virtual size: 13KB

.rdata
Size: 59KB - Virtual size: 59KB

.data
Size: 62KB - Virtual size: 65KB

.CRT
Size: 59KB - Virtual size: 59KB

.rsrc
Size: 3KB - Virtual size: 2KB

.reloc
Size: 4KB - Virtual size: 3KB