ff040da4916cfff49c79fc62094b13fa_JaffaCakes118

General

Target

ff040da4916cfff49c79fc62094b13fa_JaffaCakes118
Size

128KB
MD5

ff040da4916cfff49c79fc62094b13fa
SHA1

1d47e071714988e8b954dffc66e690f2355a6fe5
SHA256

176752723b61c3a8e3836a6710a488e888699daf73a648b90f4b56360278a036
SHA512

b18370a5f8260b8eab66b47d8f2db7a2d122760be954677139511849ccc8d237e849641e65f0b50d8cbfee89237e1e0306d76fdd1a90bc37fb4a94a4d95182e5
SSDEEP

768:/vjlFUaE+L1gA/AlKgDPTQgZzVqKgtyyolyk8b22:/Hl/Al9DPTBzSdoUk8i2

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
ff040da4916cfff49c79fc62094b13fa_JaffaCakes118

Files

ff040da4916cfff49c79fc62094b13fa_JaffaCakes118
.exe windows:4 windows x86 arch:x86

aff38c87d27684a2ed39ac4b9f46f248

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

WaitForSingleObject
CreateProcessA
CloseHandle
GetProcAddress
LoadLibraryA
GetModuleFileNameA
MoveFileA
Sleep
FreeLibrary
DeleteFileA
GetStringTypeA
LCMapStringW
ExitProcess
TerminateProcess
GetCurrentProcess
RtlUnwind
GetModuleHandleA
GetStartupInfoA
GetCommandLineA
GetVersion
HeapFree
GetLastError
ReadFile
SetHandleCount
GetStdHandle
GetFileType
SetFilePointer
UnhandledExceptionFilter
FreeEnvironmentStringsA
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStrings
GetEnvironmentStringsW
HeapDestroy
HeapCreate
VirtualFree
WriteFile
HeapAlloc
VirtualAlloc
HeapReAlloc
IsBadWritePtr
SetStdHandle
FlushFileBuffers
CreateFileA
SetUnhandledExceptionFilter
IsBadReadPtr
IsBadCodePtr
GetCPInfo
GetACP
GetOEMCP
SetEndOfFile
MultiByteToWideChar
LCMapStringA
GetStringTypeW

advapi32

RegCloseKey
RegCreateKeyA
RegSetValueExA
RegQueryValueExA

shlwapi

PathFileExistsA

Sections

.text
Size: 28KB - Virtual size: 26KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 4KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 88KB - Virtual size: 88KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

aff38c87d27684a2ed39ac4b9f46f248

Headers

File Characteristics

Imports

kernel32

advapi32

shlwapi

Sections

.text Size: 28KB - Virtual size: 26KB

.rdata Size: 4KB - Virtual size: 2KB

.data Size: 4KB - Virtual size: 8KB

.rsrc Size: 88KB - Virtual size: 88KB

.text
Size: 28KB - Virtual size: 26KB

.rdata
Size: 4KB - Virtual size: 2KB

.data
Size: 4KB - Virtual size: 8KB

.rsrc
Size: 88KB - Virtual size: 88KB