Static task
static1
Behavioral task
behavioral1
Sample
eea833516242df69a8f903f1e3b88733_JaffaCakes118.exe
Resource
win7-20240903-en
Behavioral task
behavioral2
Sample
eea833516242df69a8f903f1e3b88733_JaffaCakes118.exe
Resource
win10v2004-20240802-en
General
Target
eea833516242df69a8f903f1e3b88733_JaffaCakes118
Size
84KB
MD5
eea833516242df69a8f903f1e3b88733
SHA1
ac4e52cb07420acc645b3061f56efcfe1b751e41
SHA256
2f4136db6f50650380b80b516cf01413795fd3613c19b1b1d8c49f798fe65a4d
SHA512
2014d09ecc8ede48a32a2974986dac800f4d6ffaedb03a00f52efb90b90e4b9a215ccf0349b553d7aec2630e36170130b6db919c2e3cb2640b3d93b65fa3b270
SSDEEP
1536:MXpWbd3TqTmuJwiNp4S+jMdNOFgh8tY0:MUR3IlpXkcugh8tY
Malware Config
Signatures
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource eea833516242df69a8f903f1e3b88733_JaffaCakes118
Files
eea833516242df69a8f903f1e3b88733_JaffaCakes118.exe windows:4 windows x86 arch:x86
a4c0a76eb7138da1d11f4f4e25b8f6f8
Headers
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
Imports
kernel32
HeapFree
IsBadReadPtr
GetEnvironmentVariableA
SetFileAttributesA
WriteFile
HeapReAlloc
GetVersionExA
LCMapStringA
HeapAlloc
GetModuleHandleA
GetProcessHeap
Process32Next
CloseHandle
TerminateProcess
Process32First
CreateToolhelp32Snapshot
GetCurrentProcess
DuplicateHandle
OpenProcess
GetCurrentProcessId
CreateFileA
GetCommandLineA
GetModuleFileNameA
FlushFileBuffers
SetStdHandle
GetStartupInfoA
GetVersion
ExitProcess
InterlockedDecrement
InterlockedIncrement
UnhandledExceptionFilter
FreeEnvironmentStringsA
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStrings
GetEnvironmentStringsW
SetHandleCount
GetStdHandle
GetFileType
DeleteCriticalSection
GetCurrentThreadId
TlsSetValue
TlsAlloc
SetLastError
TlsGetValue
GetLastError
HeapDestroy
HeapCreate
VirtualFree
RtlUnwind
GetProcAddress
InitializeCriticalSection
EnterCriticalSection
LeaveCriticalSection
MultiByteToWideChar
LCMapStringW
VirtualAlloc
RaiseException
GetCPInfo
GetACP
GetOEMCP
LoadLibraryA
GetStringTypeA
GetStringTypeW
SetFilePointer
shell32
ShellExecuteA
advapi32
RegSetValueExA
RegCloseKey
AdjustTokenPrivileges
LookupPrivilegeValueA
OpenProcessToken
CryptGetHashParam
CryptDestroyHash
CryptHashData
CryptReleaseContext
CryptCreateHash
CryptAcquireContextA
RegDeleteKeyA
RegOpenKeyA
RegCreateKeyExA
user32
GetMessageA
wsprintfA
MessageBoxA
PeekMessageA
DispatchMessageA
TranslateMessage
Sections
.text Size: 48KB - Virtual size: 46KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 8KB - Virtual size: 4KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 24KB - Virtual size: 76KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE