ea27d1df754d937a4eb00969f40697ca_JaffaCakes118

General

Target

ea27d1df754d937a4eb00969f40697ca_JaffaCakes118
Size

401KB
MD5

ea27d1df754d937a4eb00969f40697ca
SHA1

f40b0a457eca69e4acf7c571cb8f5aa941c3504e
SHA256

9a8fa8a42e5cb807322d6b27a8514e7dd095e10cb9ff8fc0fce608f6ba580e7f
SHA512

f6e3826f3abb3660739f697db47a224a9b735aa67f5770dc6c77504756926508459557269f884d53d53ea4a706de0b0f22d39a27ebbf3b49a205bec1001fe6ed
SSDEEP

12288:3tz5kuP7Aa4nQS4bHa9N0OpxHRsBj/uB:3ZS87p4nUm9NvxHShW

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
ea27d1df754d937a4eb00969f40697ca_JaffaCakes118

Files

ea27d1df754d937a4eb00969f40697ca_JaffaCakes118
.exe windows:5 windows x86 arch:x86

b4ab54aa54932a0a4e8acbb879bdf362

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

user32

SwapMouseButton
BringWindowToTop
TrackMouseEvent
VkKeyScanExA
CreateWindowExA
GetWindowWord
wvsprintfA
FreeDDElParam

kernel32

SearchPathA
FreeUserPhysicalPages
OpenSemaphoreW
GetConsoleFontInfo
SearchPathW
EnumResourceNamesW
IsBadHugeWritePtr
SwitchToThread
GetModuleHandleA
GetCommandLineA
GetSystemDefaultLangID
CallNamedPipeA
SetConsoleActiveScreenBuffer
GetVolumeNameForVolumeMountPointA
GetStartupInfoA
GetFileAttributesExA
VirtualProtect

gdi32

SetRectRgn
GetClipRgn
GdiEntry6
EngGradientFill
MaskBlt

advapi32

ImpersonateSelf
LsaAddAccountRights
LsaEnumerateAccountRights
BuildImpersonateExplicitAccessWithNameW
CreateTraceInstanceId
ConvertToAutoInheritPrivateObjectSecurity
SystemFunction025
ChangeServiceConfigW
ElfChangeNotify

msvcrt

getc
_ismbbgraph
_spawnle
fflush
strftime
_expand
getwc
_read
_adj_fdivr_m32
_tzname

Sections

.text
Size: 396KB - Virtual size: 396KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 569KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 836B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

b4ab54aa54932a0a4e8acbb879bdf362

Headers

DLL Characteristics

File Characteristics

Imports

user32

kernel32

gdi32

advapi32

msvcrt

Sections

.text Size: 396KB - Virtual size: 396KB

.data Size: 3KB - Virtual size: 569KB

.rsrc Size: 1024B - Virtual size: 836B

.text
Size: 396KB - Virtual size: 396KB

.data
Size: 3KB - Virtual size: 569KB

.rsrc
Size: 1024B - Virtual size: 836B