003a4af5e5470caa99ea2c41c9395c59_JaffaCakes118

General

Target

003a4af5e5470caa99ea2c41c9395c59_JaffaCakes118
Size

277KB
MD5

003a4af5e5470caa99ea2c41c9395c59
SHA1

7545127bc9cc7561a575bc2ee72aa501ccf680e4
SHA256

ddb35c56f1ca6611313a1d62a1493d1b093525cd51d3d35b3e7d0567c4ceeba2
SHA512

bfd49ededf733f4a967b1b0112e9e68fbaf29fb43139fdd84a06cbc44273608192b273e8a0c45143fb7e4f1a4165ed70f50888f33ba1025dade64400e0e0c256
SSDEEP

6144:h1JWyyVtYEo2T1pgsUPhiWNNdtYyWyY8D7CDGEN:hvWyyvhTjgsUP1NNd2ja

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
003a4af5e5470caa99ea2c41c9395c59_JaffaCakes118

Files

003a4af5e5470caa99ea2c41c9395c59_JaffaCakes118
.exe windows:4 windows x86 arch:x86

96c38503dcd114278ff1385937326f37

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Imports

kernel32

GetCurrentProcess
GetCurrentProcessId
GetOEMCP
GetEnvironmentStringsW
CreateEventW
GetCommandLineA
lstrlenA
LeaveCriticalSection
GetProcessHeap
GetTickCount
VirtualProtect
GetSystemDefaultLangID
SetConsoleCP
GetStringTypeW
SizeofResource
GetACP
HeapAlloc
FindFirstFileA
UnhandledExceptionFilter
LCMapStringA
SetStdHandle
GetModuleHandleA
GlobalAlloc
ExitProcess
VirtualQuery
GetStartupInfoA
GetCurrentThreadId
GetLastError
MultiByteToWideChar

advapi32

GetLengthSid
RegCloseKey
GetTokenInformation
OpenSCManagerW
RegDeleteKeyW

ole32

CoMarshalHresult

user32

SetRectEmpty
ValidateRect
PeekMessageW
LoadStringA
GetWindowTextW
SetScrollInfo
GetFocus

msvcrt

memcpy
wcsncmp

lz32

LZDone

Sections

.text
Size: 77KB - Virtual size: 76KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 197KB - Virtual size: 208KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 202KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 944B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 208B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

96c38503dcd114278ff1385937326f37

Headers

File Characteristics

Imports

kernel32

advapi32

ole32

user32

msvcrt

lz32

Sections

.text Size: 77KB - Virtual size: 76KB

.rdata Size: 197KB - Virtual size: 208KB

.data Size: 512B - Virtual size: 202KB

.rsrc Size: 1024B - Virtual size: 944B

.reloc Size: 512B - Virtual size: 208B

.text
Size: 77KB - Virtual size: 76KB

.rdata
Size: 197KB - Virtual size: 208KB

.data
Size: 512B - Virtual size: 202KB

.rsrc
Size: 1024B - Virtual size: 944B

.reloc
Size: 512B - Virtual size: 208B