1821b948535f6c9e2905a7d55c142360_JaffaCakes118

General

Target

1821b948535f6c9e2905a7d55c142360_JaffaCakes118
Size

248KB
MD5

1821b948535f6c9e2905a7d55c142360
SHA1

41bde63f587f919077eb48a2f29a77731cbb8120
SHA256

ed480223266c7d36f0ca98ed382436a8284ff664dcff604ce1cd58447f385da6
SHA512

3aaf96eefadbf82d82037cbf85d1d49dd5194a1a02dd85b1adb7b46470db1edf20aeeae6fd7ad053b1a821dc4220a187ee878668078aea2cf61b98d2c3e01be3
SSDEEP

6144:B4ET7cg7QOp4grtl2qAhr2wm3uryzTD6L5LC1:BNT34SzT7+ryzEI

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
1821b948535f6c9e2905a7d55c142360_JaffaCakes118

Files

1821b948535f6c9e2905a7d55c142360_JaffaCakes118
.exe windows:4 windows x86 arch:x86

177bbcb975f558fabfc87fb55c4daad6

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GlobalFree
GetLastError
GetTimeZoneInformation
LocalAlloc
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
GetSystemTimeAsFileTime
GetCurrentProcessId
GetCurrentThreadId
LocalFree
GetTickCount
GlobalAlloc
QueryPerformanceCounter
LoadLibraryExW
DeleteCriticalSection
FreeLibrary
InterlockedCompareExchange
Sleep
InterlockedExchange
InitializeCriticalSectionAndSpinCount
DisableThreadLibraryCalls
GetProcAddress
SetEvent
GetModuleHandleA
GetComputerNameA
VirtualProtect
GetStartupInfoA

advapi32

SystemFunction006

msvcrt

memcpy
memset
free
_XcptFilter
__dllonexit
_onexit
_exit
exit
wcslen
__getmainargs
_initterm
__setusermatherr
_adjust_fdiv
__p__commode
__p__fmode
__set_app_type
_controlfp
wcsncpy
wcscat
mbstowcs
memmove
_ltoa
time
_wcsicmp
wcscpy
_except_handler3
srand
_acmdln
rand
isdigit

msvcp60

??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@P6AAAV01@AAV01@@Z@Z
?cout@std@@3V?$basic_ostream@DU?$char_traits@D@std@@@1@A
?cin@std@@3V?$basic_istream@DU?$char_traits@D@std@@@1@A
??5?$basic_istream@DU?$char_traits@D@std@@@std@@QAEAAV01@AAH@Z
??6std@@YAAAV?$basic_ostream@DU?$char_traits@D@std@@@0@AAV10@PBD@Z
?endl@std@@YAAAV?$basic_ostream@DU?$char_traits@D@std@@@1@AAV21@@Z
??1_Winit@std@@QAE@XZ
??0_Winit@std@@QAE@XZ
??1Init@ios_base@std@@QAE@XZ
??0Init@ios_base@std@@QAE@XZ
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@H@Z

Sections

.text
Size: 24KB - Virtual size: 24KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 220KB - Virtual size: 438KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

177bbcb975f558fabfc87fb55c4daad6

Headers

File Characteristics

Imports

kernel32

advapi32

msvcrt

msvcp60

Sections

.text Size: 24KB - Virtual size: 24KB

.rdata Size: 2KB - Virtual size: 2KB

.data Size: 220KB - Virtual size: 438KB

.text
Size: 24KB - Virtual size: 24KB

.rdata
Size: 2KB - Virtual size: 2KB

.data
Size: 220KB - Virtual size: 438KB