036273c2750b631ddd25c5dfd5917f32_JaffaCakes118

General

Target

036273c2750b631ddd25c5dfd5917f32_JaffaCakes118
Size

227KB
MD5

036273c2750b631ddd25c5dfd5917f32
SHA1

dd052a5886edcfe55a506a06762fabcd74584d07
SHA256

dd8d92239c19a5efb33afd0024771c1e6c02e8e148946629837cf6a85d6d9ab1
SHA512

1505b5271441ce76a286e0ed87dccf4bb581c8f822c8608730d5e87fff2f046eaf2286ebcf1c5c4ee9baed9da5c3e175008a02926ead4bd89612f6bbe8e59cfa
SSDEEP

3072:gmcvW227MHKX7gqepjgXXJEG0BB+xIzS4lrgCNxkHNZXlsfY4D897EqnO6+cdAwL:lGW2GMHeg9pkX5EPfxDItrnOgdl

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
036273c2750b631ddd25c5dfd5917f32_JaffaCakes118

Files

036273c2750b631ddd25c5dfd5917f32_JaffaCakes118
.exe windows:4 windows x86 arch:x86

7ad894905667fbd17ee6b268abc64c4e

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetEnvironmentStrings
TlsFree
VirtualQueryEx
OpenFileMappingA
LCMapStringW
FreeEnvironmentStringsA
HeapAlloc
LoadLibraryA
GetCommandLineA
HeapCreate
LocalLock
FlushConsoleInputBuffer
EnterCriticalSection
GetLastError
InterlockedExchange
GetTickCount
GetEnvironmentStringsW
SetHandleCount
SetLastError
GlobalUnlock
GetVersion
GetStringTypeA
TlsAlloc
GetStringTypeW
GetFileAttributesExW
UnhandledExceptionFilter
IsBadWritePtr
MultiByteToWideChar
GetProcAddress
GetACP
LeaveCriticalSection
HeapFree
ReadConsoleW
GetStdHandle
SetLocaleInfoA
VirtualFree
VirtualQuery
GetCurrentThread
WideCharToMultiByte
GetSystemTimeAsFileTime
GetFileType
WriteFile
GetCPInfo
LCMapStringA
HeapReAlloc
TlsSetValue
ExitProcess
FreeEnvironmentStringsW
DeleteCriticalSection
VirtualAlloc
TerminateProcess
QueryPerformanceCounter
GetCurrentProcess
GetOEMCP
GetModuleHandleA
HeapDestroy
GetModuleFileNameA
GetConsoleTitleW
GetCurrentThreadId
RtlUnwind
TlsGetValue
GetStartupInfoA
InitializeCriticalSection
GetCurrentProcessId

advapi32

CryptAcquireContextW

comdlg32

GetOpenFileNameW
ChooseFontW

shell32

SHAppBarMessage
SheSetCurDrive
DragQueryFile
InternalExtractIconListA
SHBrowseForFolderW
CommandLineToArgvW
FreeIconList
RealShellExecuteExA
ExtractIconExA
FindExecutableW
DoEnvironmentSubstA
ShellExecuteW
SHChangeNotify
SHGetSettings
SHBrowseForFolderA
SHInvokePrinterCommandA
RealShellExecuteExW
ExtractIconW
SHInvokePrinterCommandW

Sections

.text
Size: 108KB - Virtual size: 107KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 105KB - Virtual size: 105KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 13KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

7ad894905667fbd17ee6b268abc64c4e

Headers

File Characteristics

Imports

kernel32

advapi32

comdlg32

shell32

Sections

.text Size: 108KB - Virtual size: 107KB

.data Size: 105KB - Virtual size: 105KB

.rsrc Size: 13KB - Virtual size: 12KB

.text
Size: 108KB - Virtual size: 107KB

.data
Size: 105KB - Virtual size: 105KB

.rsrc
Size: 13KB - Virtual size: 12KB