10253475645f1e23b5a59456d2391a21_JaffaCakes118

General

Target

10253475645f1e23b5a59456d2391a21_JaffaCakes118
Size

104KB
MD5

10253475645f1e23b5a59456d2391a21
SHA1

64fc1d6ee07a0e924340ed29620eb5271061fb42
SHA256

e3b9c10be673b708c4e56a83903651f87331b112e5358921292fc4f310874bff
SHA512

672763be23e8929a97aa717c2c9f302a83a69681968151c9423a2e7e95652dc52a3540d93fcd1244ab1082ec1d7bedfbb21a6fe1ef8fe7db920c252abdd6f04a
SSDEEP

1536:+GHpTjWSKcAXc+5DcZpHHc/BaTacBP589990By9VT:nvvId5D2HHc/YTacBPmP90MT

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
10253475645f1e23b5a59456d2391a21_JaffaCakes118

Files

10253475645f1e23b5a59456d2391a21_JaffaCakes118
.exe windows:4 windows x86 arch:x86

9b26f651e156992c52f020d33e0247e9

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetModuleHandleW
GetModuleFileNameW
lstrcpyW
FormatMessageW
InterlockedCompareExchange
InterlockedIncrement
InterlockedExchange
GetLastError
CreateEventW
GetEnvironmentVariableW
IsDebuggerPresent
OutputDebugStringA
DebugBreak
ExpandEnvironmentStringsW
DisableThreadLibraryCalls
GetCurrentProcessId
LocalAlloc
lstrcmpW
LocalFree
CloseHandle
GetSystemTimeAsFileTime
SetCurrentDirectoryW
CreateFileA
ReplaceFileW
GetTimeZoneInformation
GetVersionExA
GetLocaleInfoW

user32

CharLowerBuffW
wsprintfW

advapi32

OpenSCManagerW
CheckTokenMembership
AllocateAndInitializeSid
RegQueryInfoKeyW
RegConnectRegistryW
GetLengthSid
EqualSid
RegisterEventSourceW
ReportEventW
DeregisterEventSource
CryptCreateHash
CryptHashData
CryptGetHashParam
CryptDestroyHash
CryptAcquireContextW
OpenProcessToken
GetTokenInformation
RegSetValueExW
RegEnumKeyExW
RegOpenKeyW
OpenServiceW
QueryServiceConfigW
QueryServiceStatus
CloseServiceHandle
RegOpenKeyExW
RegCreateKeyExW
RegCloseKey
RegNotifyChangeKeyValue
LookupAccountSidW
OpenThreadToken
SetThreadToken
RevertToSelf
RegQueryValueExW
FreeSid

ntdll

wcscmp
strspn
wcschr

msvcrt

system
vfprintf
putc
mblen
fgetpos
fgetc
getenv
wcscoll
fprintf
setlocale
exit
wctomb

secur32

FreeContextBuffer

Sections

.text
Size: 12KB - Virtual size: 9KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 80KB - Virtual size: 398KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 828B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

9b26f651e156992c52f020d33e0247e9

Headers

File Characteristics

Imports

kernel32

user32

advapi32

ntdll

msvcrt

secur32

Sections

.text Size: 12KB - Virtual size: 9KB

.rdata Size: 4KB - Virtual size: 2KB

.data Size: 80KB - Virtual size: 398KB

.rsrc Size: 4KB - Virtual size: 828B

.text
Size: 12KB - Virtual size: 9KB

.rdata
Size: 4KB - Virtual size: 2KB

.data
Size: 80KB - Virtual size: 398KB

.rsrc
Size: 4KB - Virtual size: 828B