12290e772f766495209c0209ee9b9b2e_JaffaCakes118

General

Target

12290e772f766495209c0209ee9b9b2e_JaffaCakes118
Size

153KB
MD5

12290e772f766495209c0209ee9b9b2e
SHA1

8f26f906fa535dfda3dac51deb291f6661ba2768
SHA256

c6cf948b28d92119ce63ea2b23f92eddaea8bcb52d15412779ee83510c7448c4
SHA512

6c964cab30eab828a246cd94a6b8f637165cd404695f1d6bf975e894922aba9e211654cf707edc92920375a10c3d46ab9fe7931503f948e00685825cb367c4b0
SSDEEP

3072:+CGQej8uLCOjsvlpZ5Q/UAeLJv3q7R/so7KyU/vAOdPUE0R1+n:hps8wCOjSzm/UHqZR7KyUA9E0y

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
12290e772f766495209c0209ee9b9b2e_JaffaCakes118

Files

12290e772f766495209c0209ee9b9b2e_JaffaCakes118
.exe windows:1 windows x86 arch:x86

1b197b25522ad606c273075b99bf6dc0

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

SetProcessWorkingSetSize
GetModuleHandleA
ExitThread
GetLocaleInfoA
CreateProcessA
RaiseException
WriteConsoleA
GetCurrentProcess
VerLanguageNameA
SizeofResource
SetEndOfFile
GetStartupInfoA
EnterCriticalSection
GetSystemDirectoryA
GetModuleHandleW
GetTickCount
SetLastError
GetComputerNameW
FreeLibrary
GetFileType
ReadProcessMemory

user32

GetClassLongA
ModifyMenuA
InvalidateRgn
ExitWindowsEx
BeginDeferWindowPos
DispatchMessageA
GetDlgCtrlID
DefFrameProcA
GetMessageA
TranslateMessage
MapWindowPoints
GetWindowRect
RegisterClassA
InflateRect
IsWindowVisible
OpenClipboard
GetUserObjectSecurity
IsDialogMessageA

gdi32

CreateSolidBrush
SelectClipRgn
GetDeviceCaps
GetObjectA
CreatePen
Polyline
SetTextColor
GetTextMetricsA
GetTextExtentPoint32A
BitBlt
SaveDC
SetTextAlign
CreateRectRgn

msvcrt

_XcptFilter
_exit
__p__fmode
_mkdir
_rotl
__getmainargs
__p__commode
_mbsnccnt
_ismbcl1
wcscmp
__setusermatherr
_acmdln
_ismbbalnum
_initterm
mbstowcs
_waccess
_controlfp
__set_app_type
fclose
iswalnum
_except_handler3
isxdigit
_adjust_fdiv
exit
memcpy

Sections

.text
Size: 20KB - Virtual size: 19KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 192KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 127KB - Virtual size: 126KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

1b197b25522ad606c273075b99bf6dc0

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

gdi32

msvcrt

Sections

.text Size: 20KB - Virtual size: 19KB

.rdata Size: 2KB - Virtual size: 1KB

.data Size: 2KB - Virtual size: 192KB

.rsrc Size: 127KB - Virtual size: 126KB

.text
Size: 20KB - Virtual size: 19KB

.rdata
Size: 2KB - Virtual size: 1KB

.data
Size: 2KB - Virtual size: 192KB

.rsrc
Size: 127KB - Virtual size: 126KB