Static task: static1
Behavioral task: behavioral1
Sample: 1681d72a81c75fe45133746bc9becb0d_JaffaCakes118.exe
Resource: win7-20240903-en
Behavioral task: behavioral2
Sample: 1681d72a81c75fe45133746bc9becb0d_JaffaCakes118.exe
Resource: win10v2004-20240802-en
General
Target: 1681d72a81c75fe45133746bc9becb0d_JaffaCakes118
Size: 60KB
MD5: 1681d72a81c75fe45133746bc9becb0d
SHA1: 39b24c2da39a45cbdf5c3b776cce134913776226
SHA256: a166e2abf3b354587c4c4d75f3f8b142a068c321e94373a549d5b3666fb64837
SHA512: 5fa245d9a39af374d2104b5eefd3e7c9894c5d4e90f66b696170a0606d4614582fd794842250684ab2fd1deffe3e822b3c92d821d07cd937755f1fec7cfdca65
SSDEEP: 768:4DY9jNhtztgzaYRuNySHzqNz+RmtSHZ6k9DyOCVfq3BNX9yCZroKjrfO7:4Mj21STqNagwZ6k9i0PX11oKq
Malware Config
Signatures
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource 1681d72a81c75fe45133746bc9becb0d_JaffaCakes118
Files
1681d72a81c75fe45133746bc9becb0d_JaffaCakes118.exe windows:4 windows x86 arch:x86
861dbceabcf3001b9cc8de6174f0468d
Headers
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
kernel32
FreeLibrary
GetModuleFileNameA
GetProcAddress
lstrcmpA
GetTimeFormatW
GetSystemDefaultLangID
GetVersionExA
DeleteCriticalSection
InterlockedIncrement
InterlockedDecrement
InitializeCriticalSection
SetLastError
LockResource
GetCurrentThreadId
MultiByteToWideChar
WideCharToMultiByte
LoadResource
lstrlenA
WaitForSingleObject
IsBadReadPtr
ReleaseMutex
CompareFileTime
CloseHandle
EnterCriticalSection
SystemTimeToFileTime
LeaveCriticalSection
GetLastError
Sleep
GetSystemTime
lstrcpynA
AreFileApisANSI
GetTickCount
GetUserDefaultLCID
LocalAlloc
GetLocaleInfoW
LocalReAlloc
GetCurrentProcess
LocalFree
DeleteFileW
ExpandEnvironmentStringsA
DeleteFileA
LoadLibraryA
LoadLibraryW
CreateProcessA
CreateProcessW
CreateMutexA
CreateMutexW
SearchPathA
SearchPathW
SetFileAttributesA
SetFileAttributesW
FindResourceA
FindResourceW
GetDateFormatW
GetTimeFormatA
ExpandEnvironmentStringsW
GetDateFormatA
HeapAlloc
GetProcessHeap
HeapFree
FreeResource
secur32
DecryptMessage
ExportSecurityContext
AddCredentialsW
SaslEnumerateProfilesW
AddSecurityPackageA
DeleteSecurityContext
RevertSecurityContext
InitializeSecurityContextA
AddSecurityPackageW
AcquireCredentialsHandleA
AcceptSecurityContext
QueryCredentialsAttributesA
SaslGetProfilePackageW
SaslIdentifyPackageA
InitSecurityInterfaceA
EnumerateSecurityPackagesW
SaslEnumerateProfilesA
ImportSecurityContextW
MakeSignature
EncryptMessage
CompleteAuthToken
Sections
.text Size: 28KB - Virtual size: 24KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.data Size: 20KB - Virtual size: 16KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 4KB - Virtual size: 904B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 4KB - Virtual size: 514B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ