fac8aa0c4d9cf88902d254a7f713f649_JaffaCakes118

General

Target

fac8aa0c4d9cf88902d254a7f713f649_JaffaCakes118
Size

136KB
MD5

fac8aa0c4d9cf88902d254a7f713f649
SHA1

478a0d01e43e897da3f939ecb276b45b49fcd264
SHA256

714c923f03b44fec4bb195a742472dcbc2bb3a4b969a9b6565ac44de4c972bc6
SHA512

d4c898b6899f98c9829a89d0293e6cfcf14d7f5d42361cd6c85b63d929485fbb1af70ec0d16fb36227ec2dc334c6675add5a54dfb3eee4d101c62739b53b8e59
SSDEEP

3072:YgUFVgTC9RYwNH4jyZQGo2YRtv9yT2OZ1itQ:eHgFwR4jdGo2YTbOzaQ

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
fac8aa0c4d9cf88902d254a7f713f649_JaffaCakes118

Files

fac8aa0c4d9cf88902d254a7f713f649_JaffaCakes118
.exe windows:5 windows x86 arch:x86

0b899d53108023635e8efc6034929885

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

ReadFile
SetFilePointer
GetFileSize
CreateFileA
GetModuleFileNameA
GetProcAddress
LoadLibraryA
lstrlenA
GetTempPathA
VirtualAlloc
GetProcessHeap
HeapFree
CloseHandle
LCMapStringA
HeapAlloc
Sleep
LCMapStringW
GetStringTypeW
MultiByteToWideChar
GetStringTypeA
RtlUnwind
RaiseException
GetCommandLineA
GetStartupInfoA
DeleteCriticalSection
LeaveCriticalSection
EnterCriticalSection
VirtualFree
HeapReAlloc
HeapCreate
GetModuleHandleW
ExitProcess
WriteFile
GetStdHandle
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
InterlockedIncrement
SetLastError
GetCurrentThreadId
GetLastError
InterlockedDecrement
GetModuleHandleA
SetUnhandledExceptionFilter
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStringsW
SetHandleCount
GetFileType
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime
InitializeCriticalSectionAndSpinCount
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
IsDebuggerPresent
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
HeapSize
GetLocaleInfoA

gdi32

GdiGetBatchLimit

winspool.drv

AddPrinterDriverA

wininet

InternetCombineUrlA
InternetOpenA

Sections

.text
Size: 47KB - Virtual size: 47KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 11KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 35KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

0b899d53108023635e8efc6034929885

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

gdi32

winspool.drv

wininet

Sections

.text Size: 47KB - Virtual size: 47KB

.rdata Size: 11KB - Virtual size: 10KB

.data Size: 4KB - Virtual size: 35KB

.rsrc Size: 5KB - Virtual size: 5KB

.text
Size: 47KB - Virtual size: 47KB

.rdata
Size: 11KB - Virtual size: 10KB

.data
Size: 4KB - Virtual size: 35KB

.rsrc
Size: 5KB - Virtual size: 5KB