103a952bb58fb93f48a83131a0c71828_JaffaCakes118

General

Target

103a952bb58fb93f48a83131a0c71828_JaffaCakes118
Size

104KB
MD5

103a952bb58fb93f48a83131a0c71828
SHA1

9d5d4dd03cdbd163306177c3b3e8cd9b2b85498c
SHA256

a1284956235367be1943d1425020e5e37dc92cbea8c4d1653cf65f2ba9755546
SHA512

e2962d473f7feb1b6f335b44735da5048965b836ae2da09457beef76d35db3c83a5782a1f6246a624a8cc8c5f1ee44d40ad349627e4c45bd0a74777e5e135b18
SSDEEP

1536:VfmH6UMgtrmpqX6BYRmvcnEc4t5TphkcvKbf+G6K0tQ0bWhERCu:Vf86UMgOrBEqt5TUcKr+G6ftQ0FCu

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
103a952bb58fb93f48a83131a0c71828_JaffaCakes118

Files

103a952bb58fb93f48a83131a0c71828_JaffaCakes118
.exe windows:4 windows x86 arch:x86

c906f7081da8ba16310b9441f0eb3e00

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

msvcrt

_controlfp
__set_app_type
__p__fmode
__p__commode
_adjust_fdiv
__setusermatherr
_initterm
__getmainargs
_acmdln
exit
_XcptFilter
_exit
??1type_info@@UAE@XZ
free
calloc
_beginthreadex
strcmp
rand
memcpy
memmove
atoi
strchr
strncat
_except_handler3
wcscpy
malloc
strrchr
strcpy
strcat
memcmp
??2@YAPAXI@Z
memset
strstr
strlen
_ftol
ceil
__CxxFrameHandler
_CxxThrowException
_strnicmp
??3@YAXPAX@Z

kernel32

InterlockedExchange
RaiseException
GetLastError
VirtualAlloc
FreeLibrary
GetStartupInfoA
GetModuleHandleA
SetErrorMode
ReleaseMutex
GetVersionExA
OutputDebugStringA
LocalAlloc
WriteFile
GetProcessHeap
CreateEventA
Sleep
GetTickCount
CreateProcessA
SetFilePointer
CloseHandle
SetEvent
lstrcpyA
VirtualFree
LoadLibraryA
GetProcAddress

user32

GetThreadDesktop

advapi32

AllocateAndInitializeSid
RegSetValueExA
RegCreateKeyExA
FreeSid
RegSetKeySecurity
RegOpenKeyExA
RegOpenKeyA
RegQueryValueExA
RegEnumKeyExA
RegCloseKey
GetLengthSid
InitializeAcl
AddAccessAllowedAce
InitializeSecurityDescriptor
SetSecurityDescriptorDacl

shell32

SHGetSpecialFolderPathA

Sections

.rdata
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 68KB - Virtual size: 69KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 24KB - Virtual size: 24KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

c906f7081da8ba16310b9441f0eb3e00

Headers

File Characteristics

Imports

msvcrt

kernel32

user32

advapi32

shell32

Sections

.rdata Size: 8KB - Virtual size: 7KB

.data Size: 68KB - Virtual size: 69KB

.rsrc Size: 24KB - Virtual size: 24KB

.rdata
Size: 8KB - Virtual size: 7KB

.data
Size: 68KB - Virtual size: 69KB

.rsrc
Size: 24KB - Virtual size: 24KB