059563237a6dcc7590c31700d35cc6df_JaffaCakes118

General

Target

059563237a6dcc7590c31700d35cc6df_JaffaCakes118
Size

192KB
MD5

059563237a6dcc7590c31700d35cc6df
SHA1

a16582c33cc18ab197417dbbdbd92f4e917b8a16
SHA256

12ea536ebf3467463b8ef25a7598748b439bbd0b901ab04e0b6ddd0590dd888b
SHA512

bf8ea613e85bd6f9cc61872b6dbb8599ad1f50e1d247867f1191c5ccaaf393480fef7b2ab8c0add1b9a9f8a8bb7126b1aa7f59520f6bf85439bc974d133f2ca9
SSDEEP

3072:GSq8bEnWgd9sP4vdE1xSbSKFU9uJ5A5qaVlNsWOgZttAhU3LBLM/uIgMB/wZtnnc:GgbEnWgd9PdkMbcEYQk6WOQtUILO/uIy

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
059563237a6dcc7590c31700d35cc6df_JaffaCakes118

Files

059563237a6dcc7590c31700d35cc6df_JaffaCakes118
.exe windows:4 windows x86 arch:x86

a48c7fa243058b1c24fa3b24914bac3c

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

CloseHandle
GetCurrentProcess
GetLastError
CreateDirectoryA
GetFileAttributesA
lstrcpyA
lstrlenA
DeleteFileA
SetFileAttributesA
Process32Next
GetCurrentProcessId
Process32First
CreateToolhelp32Snapshot
GetTickCount
lstrcatA
GetSystemDirectoryA
HeapFree
HeapAlloc
GetProcessHeap
Sleep
GetProcAddress
GetModuleHandleA
ExitProcess
SetEnvironmentVariableA
GetWindowsDirectoryA
GetTempPathA
GetCurrentDirectoryA
MoveFileA
SetFileTime
GetFileTime
WriteFile
CreateFileA
GetModuleFileNameA
WaitForSingleObject
CreateEventA
GetShortPathNameA
ExpandEnvironmentStringsA
OpenEventA
SetUnhandledExceptionFilter
GetCommandLineA
WideCharToMultiByte
MultiByteToWideChar
LocalAlloc
FreeLibrary
InterlockedExchange
GetStartupInfoA
RaiseException
LoadLibraryA

shlwapi

SHDeleteKeyA

msvcrt

rand
srand
_ftol
toupper
tolower
strcat
strncat
strchr
memset
wcstombs
memcpy
strcmp
__CxxFrameHandler
strncpy
strstr
??3@YAXPAX@Z
??1type_info@@UAE@XZ
_exit
_XcptFilter
exit
_acmdln
__getmainargs
_initterm
__setusermatherr
_adjust_fdiv
__p__commode
__p__fmode
__set_app_type
_controlfp
_strnicmp
_itoa
strcpy
_except_handler3
malloc
free
_strrev
_strlwr
strlen
_stricmp

user32

CharNextA
wsprintfA

netapi32

NetUserGetLocalGroups

Sections

.text
Size: 16KB - Virtual size: 13KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 164KB - Virtual size: 164KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

a48c7fa243058b1c24fa3b24914bac3c

Headers

File Characteristics

Imports

kernel32

shlwapi

msvcrt

user32

netapi32

Sections

.text Size: 16KB - Virtual size: 13KB

.rdata Size: 4KB - Virtual size: 3KB

.data Size: 164KB - Virtual size: 164KB

.rsrc Size: 4KB - Virtual size: 3KB

.text
Size: 16KB - Virtual size: 13KB

.rdata
Size: 4KB - Virtual size: 3KB

.data
Size: 164KB - Virtual size: 164KB

.rsrc
Size: 4KB - Virtual size: 3KB