0152d1c7defb8b35313c4ab3249e42f8_JaffaCakes118

General

Target

0152d1c7defb8b35313c4ab3249e42f8_JaffaCakes118
Size

36KB
MD5

0152d1c7defb8b35313c4ab3249e42f8
SHA1

fbad8916544c614c41eec5f9d1a477d167f62ba3
SHA256

8365a5eb48a71491c62c3faddd55c1214779f29d008580f5a0bc2c13d2c669af
SHA512

b9dd16ba25ef3ad091507c9ccfe10567c9625bf89f75da7b161511c3dd7004c7f8fd0410f625f37032dc9ff767aa35d4ee5aa25636afdd8877b09c73fb72b179
SSDEEP

768:tTpvQ1FsvUSeuNmecMj0ADH8EKukKaOw5qF4RaBZopS9Z3pYgKv+:DOKreuNmHMj0AQEKbK5wKbBZopaRKv+

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
0152d1c7defb8b35313c4ab3249e42f8_JaffaCakes118

Files

0152d1c7defb8b35313c4ab3249e42f8_JaffaCakes118
.exe windows:5 windows x86 arch:x86

b940214f6aab94ef9e337b4a4dfb90a0

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

C:\Development\preloader\bin\release\preloader.pdb

Imports

kernel32

SetLastError
CreateFileMappingA
GetModuleFileNameA
GetModuleHandleA
CloseHandle
DeleteFileA
CreateProcessW
SystemTimeToFileTime
WaitForSingleObject
GetExitCodeProcess
TerminateProcess
GetLocalTime
GetLastError
GetFullPathNameA
GetFileAttributesA
GetEnvironmentVariableA
MultiByteToWideChar
CreateDirectoryA
FindFirstFileA
RemoveDirectoryA
FindClose
GetCurrentProcessId
WriteFile
CreateFileA
UnmapViewOfFile
MapViewOfFile
GetFileSize
GetTempPathA
RaiseException
RtlUnwind
GetTickCount
TlsSetValue
HeapAlloc
TlsGetValue
TlsAlloc
GetProcessHeap
ExitProcess
GetStdHandle
GetCommandLineA
GetStartupInfoA
HeapFree

advapi32

ReportEventA
CheckTokenMembership
FreeSid
AllocateAndInitializeSid
RegisterEventSourceA

shell32

ShellExecuteExW

Sections

.text
Size: 23KB - Virtual size: 22KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

b940214f6aab94ef9e337b4a4dfb90a0

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

advapi32

shell32

Sections

.text Size: 23KB - Virtual size: 22KB

.rdata Size: 5KB - Virtual size: 4KB

.data Size: 1024B - Virtual size: 1KB

.rsrc Size: 6KB - Virtual size: 6KB

.text
Size: 23KB - Virtual size: 22KB

.rdata
Size: 5KB - Virtual size: 4KB

.data
Size: 1024B - Virtual size: 1KB

.rsrc
Size: 6KB - Virtual size: 6KB