fcfdfa9cad1244e09b679338807cc4af_JaffaCakes118

General

Target

fcfdfa9cad1244e09b679338807cc4af_JaffaCakes118
Size

84KB
MD5

fcfdfa9cad1244e09b679338807cc4af
SHA1

a33d99af62040799e160a7ea8204adb1702a40f4
SHA256

1ca6b68bbb13fb0294c66087514a0eae944bb98d3d00933593dd5914c6fcef2e
SHA512

7deab2b7a60497e444687deec208d514f80a5a9b9c6fab358ea65c1e01b94c3136d35677aa39c00b3e566cbd93db435f8832cfb66149f35242a7c6f4c0333d5c
SSDEEP

1536:4EelzDXw9HI2+lidpjgFBmnITcoLVE4kpa:Delzrw9Hhy2pjGLTcoLVE44

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
fcfdfa9cad1244e09b679338807cc4af_JaffaCakes118

Files

fcfdfa9cad1244e09b679338807cc4af_JaffaCakes118
.exe windows:4 windows x86 arch:x86

b26e989f0568921701cf33e1c6089569

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

SetFileAttributesA
ReadFile
GetFileSize
GetVersionExA
GetLastError
GetCurrentProcess
WinExec
DeleteFileA
QueryPerformanceCounter
WriteFile
GetThreadPriority
GetCurrentThread
GetPriorityClass
QueryPerformanceFrequency
GlobalMemoryStatus
FreeLibrary
GetProcAddress
LoadLibraryA
CreateFileA
SetPriorityClass
SetThreadPriority
RtlUnwind
LCMapStringA
LCMapStringW
GetOEMCP
GetACP
GetStringTypeW
GetStringTypeA
GetCPInfo
IsBadReadPtr
SetUnhandledExceptionFilter
IsBadCodePtr
CloseHandle
GetModuleHandleA
GetStartupInfoA
GetCommandLineA
GetVersion
ExitProcess
HeapFree
RaiseException
HeapAlloc
HeapReAlloc
TerminateProcess
HeapSize
WideCharToMultiByte
MultiByteToWideChar
SetHandleCount
GetStdHandle
UnhandledExceptionFilter
GetModuleFileNameA
FreeEnvironmentStringsA
FreeEnvironmentStringsW
GetEnvironmentStrings
GetEnvironmentStringsW
HeapDestroy
GetFileType
GetEnvironmentVariableA
VirtualAlloc
HeapCreate
VirtualFree
IsBadWritePtr

user32

LoadStringA
SetDlgItemTextA
SetWindowTextA
MoveWindow
ExitWindowsEx
DialogBoxParamA
MessageBoxA
GetSystemMetrics
EndDialog
GetWindowRect

advapi32

AdjustTokenPrivileges
LookupPrivilegeValueA
OpenProcessToken

Sections

.text
Size: 40KB - Virtual size: 38KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 8KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 12KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 20KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

b26e989f0568921701cf33e1c6089569

Headers

File Characteristics

Imports

kernel32

user32

advapi32

Sections

.text Size: 40KB - Virtual size: 38KB

.rdata Size: 8KB - Virtual size: 4KB

.data Size: 12KB - Virtual size: 13KB

.rsrc Size: 20KB - Virtual size: 20KB

.text
Size: 40KB - Virtual size: 38KB

.rdata
Size: 8KB - Virtual size: 4KB

.data
Size: 12KB - Virtual size: 13KB

.rsrc
Size: 20KB - Virtual size: 20KB