145d2eb7164557035870eedc3f90e4e0_JaffaCakes118

General

Target

145d2eb7164557035870eedc3f90e4e0_JaffaCakes118
Size

119KB
MD5

145d2eb7164557035870eedc3f90e4e0
SHA1

cb38f8384d3e38f0d81d0a7e7fb04960641d174c
SHA256

5db9e6fa974ec6d531e51a25baa20b39cbeced10dc3acecc269964bf31dab461
SHA512

1d773e40c07e4d942ee6c1c5f47e2164d738a7df2e1b053d0a69dfefef5d0c634386e4dc768789e07b9d223b96e6a574735b34a1449accbd737f56140dbeb41a
SSDEEP

3072:FVgEWdt8lCcsWElOxXhpLWtSspLp+fIgFf4rSZCMxuru:FVgZQPssRpLLs2aSwIv

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/.exe

Files

145d2eb7164557035870eedc3f90e4e0_JaffaCakes118
.zip
.exe
.exe windows:1 windows x86 arch:x86

0b46f9037671fcc5dbf5457bf1915dbf

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE

Imports

crypt32

CryptBinaryToStringW

user32

GetWindowThreadProcessId
LoadStringW

shlwapi

PathAddExtensionA
PathFileExistsW
PathFindExtensionA

kernel32

DeleteFileA
FormatMessageW
FreeLibrary
GetCommandLineW
GetLastError
GetModuleFileNameA
GetModuleFileNameW
GetModuleHandleA
GetProcAddress
GetSystemDirectoryA
GetTickCount
LoadLibraryA
LoadLibraryW
LocalAlloc
LocalFree
MultiByteToWideChar
SetLastError
VirtualProtect
GetCommandLineA

winsta

WinStationEnumerateW
WinStationOpenServerW
WinStationFreeMemory

ntdll

NtClose
NtOpenKey
RtlAllocateHeap
RtlCreateAcl
RtlCreateSecurityDescriptor
RtlDosPathNameToNtPathName_U
RtlFreeHeap
RtlFreeUnicodeString
RtlInitUnicodeString
RtlLengthSid
RtlSetDaclSecurityDescriptor
_snwprintf

advapi32

RegOpenKeyExA
SetSecurityDescriptorDacl
RegSetValueExA

Sections

AUTO
Size: 9KB - Virtual size: 9KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

DGROUP
Size: 139KB - Virtual size: 138KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 1024B - Virtual size:

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.rsrc
Size: 2KB - Virtual size:

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

0b46f9037671fcc5dbf5457bf1915dbf

Headers

File Characteristics

Imports

crypt32

user32

shlwapi

kernel32

winsta

ntdll

advapi32

Sections

AUTO Size: 9KB - Virtual size: 9KB

DGROUP Size: 139KB - Virtual size: 138KB

.idata Size: 1KB - Virtual size: 1KB

.reloc Size: 1024B - Virtual size:

.rsrc Size: 2KB - Virtual size:

AUTO
Size: 9KB - Virtual size: 9KB

DGROUP
Size: 139KB - Virtual size: 138KB

.idata
Size: 1KB - Virtual size: 1KB

.reloc
Size: 1024B - Virtual size:

.rsrc
Size: 2KB - Virtual size: