0f3cc8acc2bbe3f80a5e6d33fa34a0c7_JaffaCakes118

General

Target

0f3cc8acc2bbe3f80a5e6d33fa34a0c7_JaffaCakes118
Size

476KB
MD5

0f3cc8acc2bbe3f80a5e6d33fa34a0c7
SHA1

d2f0da4cecf6256b18b2e547558cede450cb35e8
SHA256

504da2271ca1a476662c64427163af79ee2a4dc28f34c03e4869e5d589654abc
SHA512

3f1817efbafe319e71ffe07fe232582bc1e38ce7b40e525ec4f65986d88662d45522087a963738890eb942ed32417f1f6392fb50506bdf1deeb2acdfcf2a0ddb
SSDEEP

6144:eMyMu+N1VBCkacULD5VCHKt76COJLDnxIgJFmXC/NdYA8rdQMJuCwxmlAS8amZ9w:evMd2cUeHbrV+aFm2yrXwxmYZwlUK

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
0f3cc8acc2bbe3f80a5e6d33fa34a0c7_JaffaCakes118

Files

0f3cc8acc2bbe3f80a5e6d33fa34a0c7_JaffaCakes118
.exe windows:4 windows x86 arch:x86

ed1351f19c806ec02f87e6a03208157d

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

msvcrt

__p___winitenv
iscntrl
fabs
_strncoll
??2@YAPAXI@Z
_mbstok
strtod
_fgetchar
_mbschr
_CIatan
_ultow
_swab
strcoll
_i64toa
exit

user32

LoadMenuA
GetDlgItem
ClipCursor
GetCaretPos
GetMenuItemInfoA
SetWindowRgn
DdeAddData
SwitchDesktop
GetParent
SetLastErrorEx
LoadIconW
CheckMenuItem

kernel32

WritePrivateProfileStringW
GetConsoleOutputCP
GetAtomNameA
GetDiskFreeSpaceW
FindResourceA
FindVolumeClose
SetThreadPriority
FormatMessageA
IsBadHugeReadPtr
FreeLibrary
GetCurrentThread
TerminateProcess
GetSystemPowerStatus
ScrollConsoleScreenBufferW
FlushFileBuffers
InterlockedDecrement
GetNumberFormatA
Sleep
_lwrite
VirtualAlloc
CreateWaitableTimerW
GetCurrentProcess
GetCurrentThreadId
HeapWalk
SetInformationJobObject
GetThreadPriority
ord36

wmi

WmiNotificationRegistrationW
WmiSetSingleInstanceW
WmiOpenBlock
WmiQueryAllDataW
WmiCloseBlock

Sections

.text
Size: 11KB - Virtual size: 10KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.orpc
Size: - Virtual size: 77KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

DATA
Size: 396KB - Virtual size: 535KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 68KB - Virtual size: 67KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

ed1351f19c806ec02f87e6a03208157d

Headers

DLL Characteristics

File Characteristics

Imports

msvcrt

user32

kernel32

wmi

Sections

.text Size: 11KB - Virtual size: 10KB

.orpc Size: - Virtual size: 77KB

DATA Size: 396KB - Virtual size: 535KB

.rsrc Size: 68KB - Virtual size: 67KB

.text
Size: 11KB - Virtual size: 10KB

.orpc
Size: - Virtual size: 77KB

DATA
Size: 396KB - Virtual size: 535KB

.rsrc
Size: 68KB - Virtual size: 67KB