150cff924f876fa36629cd5b240eaf89_JaffaCakes118

General

Target

150cff924f876fa36629cd5b240eaf89_JaffaCakes118
Size

22KB
MD5

150cff924f876fa36629cd5b240eaf89
SHA1

f8cc4ddf6e0050ea7d0b5f293e07112627d68672
SHA256

8230329e413ddaef7fe014cbca6c90f10cd2d16475b45c3d2219311d5957bac0
SHA512

0b2357d92b557241c9443547c9ab121e10a4abcfe731367bb8752b2da4689a821972459e487e043ca8ba5bfdb89c2cd15040b9fcb2a970fde55e6459ea6b00d9
SSDEEP

384:ftHdUA8iU76jMYfpaHKj7i8Kr/cSkAMbQMfK0mEHDiJyFlA+qwg:BWxYp6Ka8KrFVIfKrEjps+

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
150cff924f876fa36629cd5b240eaf89_JaffaCakes118

Files

150cff924f876fa36629cd5b240eaf89_JaffaCakes118
.exe windows:4 windows x86 arch:x86

af9644a5c09d7784502528d2c5e00592

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED

Imports

cygwin1

__getreent
__main
_ctype_
_impure_ptr
calloc
cygwin_conv_to_posix_path
cygwin_internal
dll_crt0__FP11per_process
exit
fprintf
free
fwrite
getenv
getopt_long
isatty
malloc
mbstowcs
memset
optarg
optind
printf
realloc
setmode
sprintf
strcasecmp
strcat
strcpy
strlcat
strlcpy
strlen
strtol

advapi32

AllocateAndInitializeSid
FreeSid
GetSidIdentifierAuthority
GetSidSubAuthority
GetSidSubAuthorityCount
GetTokenInformation
GetUserNameA
LookupAccountNameA
LookupAccountSidA
OpenProcessToken

kernel32

CloseHandle
FormatMessageA
GetComputerNameA
GetCurrentProcess
GetLastError
GetModuleHandleA
GetProcAddress
GetVersion
LoadLibraryA
MultiByteToWideChar
WideCharToMultiByte

Sections

.text
Size: 9KB - Virtual size: 8KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 512B - Virtual size: 256B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.bss
Size: - Virtual size: 608B

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 10KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

af9644a5c09d7784502528d2c5e00592

Headers

File Characteristics

Imports

cygwin1

advapi32

kernel32

Sections

.text Size: 9KB - Virtual size: 8KB

.data Size: 512B - Virtual size: 256B

.rdata Size: 2KB - Virtual size: 1KB

.bss Size: - Virtual size: 608B

.idata Size: 10KB - Virtual size: 20KB

.text
Size: 9KB - Virtual size: 8KB

.data
Size: 512B - Virtual size: 256B

.rdata
Size: 2KB - Virtual size: 1KB

.bss
Size: - Virtual size: 608B

.idata
Size: 10KB - Virtual size: 20KB