12a69d01ebb0b8940c68e61344eceb7a_JaffaCakes118

General

Target

12a69d01ebb0b8940c68e61344eceb7a_JaffaCakes118
Size

128KB
MD5

12a69d01ebb0b8940c68e61344eceb7a
SHA1

92cd9de7b9154ea79d12ff7c93b7dc37d6998dca
SHA256

0a9f01dcf322f39b6747a1f3b0686228e4fd1d6ee79dade98d978d84603e9da8
SHA512

d8170db40696c50d6a92d73fb20cffc4278f1747c3f9bdbf81d03f7f553e4dbbed9d129cb617cc2261de7d13077a42779851a4cc29d5f5267048f5ec9b6b7a0b
SSDEEP

3072:lGR8rkqvn4IdmwlB1oAJKZfrYanqvvCC/mkwDs+5YJHCX:gRekuBpFUZqHCC+fDJ5YJHC

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
12a69d01ebb0b8940c68e61344eceb7a_JaffaCakes118

Files

12a69d01ebb0b8940c68e61344eceb7a_JaffaCakes118
.exe windows:5 windows x86 arch:x86

f4f5d91199f9dbcae107667237a69ca5

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

lstrlenA
GetSystemTimeAsFileTime
InterlockedExchange
lstrcmpiW
HeapSize
OutputDebugStringA
ExitProcess
GetCommandLineW
LCMapStringA
GetCurrentThreadId
FreeEnvironmentStringsA
FileTimeToSystemTime
GetWindowsDirectoryW
ResumeThread
ExpandEnvironmentStringsW
CloseHandle
VirtualAlloc
GetCPInfo
DeleteFileA
GetCurrentProcessId
IsBadWritePtr
HeapAlloc
GetCommandLineA
InitializeCriticalSectionAndSpinCount
TlsFree
GetFullPathNameW
SetErrorMode

msvcrt

fclose
_iob
memcpy
_lock
_c_exit
wcsncmp
srand
fopen
iswspace
_wcsupr
__set_app_type
isxdigit
??3@YAXPAX@Z
malloc
qsort
swscanf
_itoa
__dllonexit
towupper
_XcptFilter

ole32

OleRegEnumVerbs
CoImpersonateClient
CoTaskMemFree
CreateBindCtx
StgCreateDocfileOnILockBytes
OleUninitialize
CoGetMalloc
OleSaveToStream
CoCreateInstance
ReadFmtUserTypeStg
StringFromGUID2
ProgIDFromCLSID
IIDFromString
CoRevertToSelf
CoCreateGuid
CoTaskMemRealloc
ReleaseStgMedium
CoFreeUnusedLibraries
PropVariantClear
StgIsStorageFile
CoUnmarshalInterface
CreateStreamOnHGlobal
CoRevokeClassObject
CreateDataAdviseHolder

Sections

.text
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 56KB - Virtual size: 56KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 64KB - Virtual size: 181KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 488B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

f4f5d91199f9dbcae107667237a69ca5

Headers

File Characteristics

Imports

kernel32

msvcrt

ole32

Sections

.text Size: 6KB - Virtual size: 6KB

.rdata Size: 56KB - Virtual size: 56KB

.data Size: 64KB - Virtual size: 181KB

.reloc Size: 512B - Virtual size: 488B

.text
Size: 6KB - Virtual size: 6KB

.rdata
Size: 56KB - Virtual size: 56KB

.data
Size: 64KB - Virtual size: 181KB

.reloc
Size: 512B - Virtual size: 488B