0404061bcf7315acef575ac1a1670aa0_JaffaCakes118

General

Target

0404061bcf7315acef575ac1a1670aa0_JaffaCakes118
Size

826KB
MD5

0404061bcf7315acef575ac1a1670aa0
SHA1

866317704645ecc8070d11aa2cfd36c253b8278e
SHA256

63813d74ff73cef9e6beb0ea63b01ab21684c71d7bcebf4374bede34b3ac8518
SHA512

27074d88e07e4ab0ce3666dda2a3f29f43c1ca524a79899f2b7e64cf18463965faada40f02dec28fc625e042ed3021aa7093f265246d5cf9b5c092133703148f
SSDEEP

12288:ftW/9Ra2JQaMGxFXRdcJoobhnzrUx07LDTP2:o1Ra2JQaTx9TMoIhnzJXP2

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
0404061bcf7315acef575ac1a1670aa0_JaffaCakes118

Files

0404061bcf7315acef575ac1a1670aa0_JaffaCakes118
.exe windows:5 windows x86 arch:x86

0ddf0f3d377aef9d4bb9aab92c96fc3a

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

CreateThread
DeleteCriticalSection
EnterCriticalSection
ExitProcess
FormatMessageW
FreeLibrary
GetACP
GetCommandLineW
GetCurrentProcess
GetCurrentProcessId
GetCurrentThread
GetCurrentThreadId
GetEnvironmentVariableW
GetFileType
GetLastError
GetLocaleInfoW
GetModuleFileNameW
GetModuleHandleW
GetProcAddress
GetStartupInfoA
GetStdHandle
GetSystemDefaultLangID
GetSystemDirectoryW
GetSystemTimeAsFileTime
GetTickCount
GetUserDefaultLangID
CreateProcessW
GetVersionExW
GlobalAlloc
GlobalFree
InitializeCriticalSection
InterlockedCompareExchange
InterlockedExchange
LeaveCriticalSection
LoadLibraryExW
LoadLibraryW
MultiByteToWideChar
OpenEventW
OpenProcess
OutputDebugStringW
QueryPerformanceCounter
SetConsoleCtrlHandler
SetCurrentDirectoryW
SetLastError
SetUnhandledExceptionFilter
TerminateProcess
UnhandledExceptionFilter
WaitForSingleObject
WideCharToMultiByte
WriteFile
lstrcmpW
lstrcmpiW
lstrlenW
CreateEventW
CompareStringW
CloseHandle
VirtualAllocEx
Sleep
GetVersion
GetModuleHandleA

user32

LoadIconW
GetSysColor

gdi32

GetEnhMetaFileW
GetColorSpace
GetBkMode

advapi32

RegOpenKeyExW
RegQueryValueExA

Sections

.text
Size: 822KB - Virtual size: 822KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 564B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

0ddf0f3d377aef9d4bb9aab92c96fc3a

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

gdi32

advapi32

Sections

.text Size: 822KB - Virtual size: 822KB

.data Size: 512B - Virtual size: 564B

.rsrc Size: 2KB - Virtual size: 1KB

.text
Size: 822KB - Virtual size: 822KB

.data
Size: 512B - Virtual size: 564B

.rsrc
Size: 2KB - Virtual size: 1KB