13b56ad91f6a6af1efc16a3bfcb5477d_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

13b56ad91f6a6af1efc16a3bfcb5477d_JaffaCakes118
Size

25KB
MD5

13b56ad91f6a6af1efc16a3bfcb5477d
SHA1

775384ccf1824df4040230b6708b8051d8db662a
SHA256

b0a182017b914729969c1d28c73eea9b6bcaa9f0f6dfb6825b96766cdc18a557
SHA512

5f801b40fe36d658f3fce3218b3bcde95433c813ab868848a77272401a9eec833281cb221ae7c708e5345715d6ac7715515f15939fead814d20e9b2521d41cf3
SSDEEP

384:DNKvuowvkKP3vaAf7MQHZa34SACInaPGvF6xUqYzuSSqm6qFWd3ymWfGKN:5wIPPZAJxGt/q6sqw1n9

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
13b56ad91f6a6af1efc16a3bfcb5477d_JaffaCakes118

Files

13b56ad91f6a6af1efc16a3bfcb5477d_JaffaCakes118
.exe windows:6 windows x86 arch:x86

731203b30f3da3d178f79de77d52cbe3

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

userinit.pdb

Imports

user32

GetSystemMetrics
SystemParametersInfoW
MessageBoxW
LoadStringW
LoadRemoteFonts
CreateWindowExW
ExitWindowsEx
GetKeyboardLayout
CharNextW
DefWindowProcW
RegisterClassExW
DestroyWindow

advapi32

RegOpenKeyExA
RegQueryValueExA
RegQueryInfoKeyW
RegDeleteTreeW
OpenProcessToken
RegCreateKeyExW
RegSetValueExW
RegQueryValueExW
RegOpenKeyExW
RegCloseKey

crypt32

CryptProtectData

ntdll

RtlInitUnicodeString
NtOpenKey
NtClose
DbgPrint

netapi32

NetApiBufferFree
DsGetDcNameW

wldap32

ord73
ord88
ord14
ord12
ord145
ord46

userenv

ord175

kernel32

GetStartupInfoA
SetUnhandledExceptionFilter
GetModuleHandleA
QueryPerformanceCounter
GetTickCount
GetCurrentThreadId
GetCurrentProcessId
GetSystemTimeAsFileTime
TerminateProcess
UnhandledExceptionFilter
InterlockedExchange
DelayLoadFailureHook
ExpandEnvironmentStringsA
LoadLibraryA
InterlockedCompareExchange
HeapSetInformation
GetCurrentThread
SetThreadPriority
CreateThread
SetCurrentDirectoryW
FormatMessageW
GetCurrentProcess
GetFileAttributesExW
GetSystemDirectoryW
SetLastError
ExpandEnvironmentStringsW
CreateProcessW
lstrlenW
GetVersionExW
LocalFree
LocalAlloc
GetEnvironmentVariableW
FreeLibrary
GetProcAddress
LoadLibraryW
CompareFileTime
SearchPathW
SetEnvironmentVariableW
GetLastError
CloseHandle
WaitForSingleObject
Sleep
OpenEventW
SetEvent
GetUserDefaultLangID

msvcrt

exit
_acmdln
_initterm
memmove
__setusermatherr
_adjust_fdiv
__p__commode
__p__fmode
_ismbblead
?terminate@@YAXXZ
_except_handler4_common
_controlfp
_XcptFilter
_vsnwprintf
_exit
_cexit
__getmainargs
_wcsicmp
__set_app_type
memset
_amsg_exit

Sections

.text
Size: 19KB - Virtual size: 18KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1KB - Virtual size: 21KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

731203b30f3da3d178f79de77d52cbe3

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

user32

advapi32

crypt32

ntdll

netapi32

wldap32

userenv

kernel32

msvcrt

Sections

.text Size: 19KB - Virtual size: 18KB

.data Size: 1KB - Virtual size: 1KB

.rsrc Size: 2KB - Virtual size: 1KB

.reloc Size: 1KB - Virtual size: 21KB

.text
Size: 19KB - Virtual size: 18KB

.data
Size: 1KB - Virtual size: 1KB

.rsrc
Size: 2KB - Virtual size: 1KB

.reloc
Size: 1KB - Virtual size: 21KB