eb87d6f8aceb576ed4fdeeb82c78944e_JaffaCakes118

General

Target

eb87d6f8aceb576ed4fdeeb82c78944e_JaffaCakes118
Size

1.8MB
MD5

eb87d6f8aceb576ed4fdeeb82c78944e
SHA1

7ca1fc3c57de837e92675a1c59390d91832837d2
SHA256

bc429e1a2b961eca0f83bc5b72280b9170c4aa6862da15f012323a1976459b81
SHA512

8642da81fc13e3b118830c78207f7c2ae958ecf91e1aa7f0e3c96d3bccd69790c87a70f4c08b81f3d3b218b830cad089e95b51ed491f10f8068114f2bddc2d61
SSDEEP

24576:pH3T+cNfXsgCY4atYzo0VnNSBuuMrtwREqJG92khEdukGAFFKhnUoyDgLr6y3he2:oOP1rWzfuBurAG92kuE2FKhnZx4B6wHq

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
eb87d6f8aceb576ed4fdeeb82c78944e_JaffaCakes118

Files

eb87d6f8aceb576ed4fdeeb82c78944e_JaffaCakes118
.exe windows:5 windows x86 arch:x86

e8dc32cf8efcda9c9e11cd03344ef8e8

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

VirtualAllocEx
InitializeCriticalSectionAndSpinCount
SetEndOfFile
LoadLibraryExW
IsValidCodePage
MultiByteToWideChar
GetModuleHandleA
GetStartupInfoA
GetCommandLineA
GetVersion
ExitProcess
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
GetModuleFileNameA
FreeEnvironmentStringsA
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStrings
GetEnvironmentStringsW
SetHandleCount
GetStdHandle
GetFileType
GetCurrentThreadId
TlsSetValue
TlsAlloc
SetLastError
TlsGetValue
GetLastError
GetEnvironmentVariableA
GetVersionExA
HeapDestroy
HeapCreate
VirtualFree
HeapFree
RtlUnwind
WriteFile
InitializeCriticalSection
EnterCriticalSection
LeaveCriticalSection
GetCPInfo
GetACP
GetOEMCP
HeapAlloc
VirtualAlloc
HeapReAlloc
GetProcAddress
LoadLibraryA
LCMapStringA
LCMapStringW
GetStringTypeA
GetStringTypeW
InterlockedDecrement
InterlockedIncrement

userenv

GetUserProfileDirectoryW
ExpandEnvironmentStringsForUserW
EnterCriticalPolicySection
LeaveCriticalPolicySection
RegisterGPNotification
UnregisterGPNotification
LoadUserProfileW

Sections

.text
Size: 53KB - Virtual size: 53KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 1.5MB - Virtual size: 10.2MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 195KB - Virtual size: 195KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

e8dc32cf8efcda9c9e11cd03344ef8e8

Headers

File Characteristics

Imports

kernel32

userenv

Sections

.text Size: 53KB - Virtual size: 53KB

.data Size: 1.5MB - Virtual size: 10.2MB

.idata Size: 2KB - Virtual size: 1KB

.rsrc Size: 195KB - Virtual size: 195KB

.text
Size: 53KB - Virtual size: 53KB

.data
Size: 1.5MB - Virtual size: 10.2MB

.idata
Size: 2KB - Virtual size: 1KB

.rsrc
Size: 195KB - Virtual size: 195KB