1853ee07db2626e4fdc2fad553727027_JaffaCakes118

General

Target

1853ee07db2626e4fdc2fad553727027_JaffaCakes118
Size

152KB
MD5

1853ee07db2626e4fdc2fad553727027
SHA1

b2f92913c1ddb6304b8d0ecace964c880662f897
SHA256

087ce2517f7eb39ccd247d4719b6582fc55b6fe7fed3abced707c7a974001bb3
SHA512

b06bcd1f58404a4d4d1e7039d69d20bcda8f8129ec0ec314d4f3181687c9e0c74e8b5b2a9f740cd1223f51edf7957d657374014b24c5096ffad8b16595c2d40f
SSDEEP

3072:ZJqwIOlJvKoXvUEtaLMorXz//9uuW6Z/WHaBu0/jz3uYpoPx:Z9ll5K5L5DEuWQ/hBu0rLU

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
1853ee07db2626e4fdc2fad553727027_JaffaCakes118

Files

1853ee07db2626e4fdc2fad553727027_JaffaCakes118
.exe windows:4 windows x86 arch:x86

fb15b372b4a004ecca79fb606a315b13

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

LCMapStringA
LoadLibraryA
GetOEMCP
GetACP
GetStringTypeW
MultiByteToWideChar
WriteFile
RtlUnwind
GetFileType
GetStdHandle
SetHandleCount
WriteConsoleA
GetLocalTime
GetCurrentProcess
FileTimeToSystemTime
CreateEventA
GetCPInfo
FormatMessageA
SetSystemPowerState
GetStartupInfoA
GetSystemTimeAsFileTime
GetStringTypeA
GetCommandLineW
LCMapStringW
GetEnvironmentStringsW
GetEnvironmentStrings
HeapAlloc
GetModuleHandleA
GetCommandLineA
GetVersion
ExitProcess
GetProcAddress
HeapDestroy
HeapCreate
VirtualFree
HeapFree
VirtualAlloc
HeapReAlloc
TerminateProcess
UnhandledExceptionFilter
GetModuleFileNameA
FreeEnvironmentStringsA
FreeEnvironmentStringsW
WideCharToMultiByte

user32

ReleaseCapture
SetWindowsHookExA
CharToOemA
GetMessageA
DrawIcon
LoadIconW
RegisterClassExA
LoadImageA
WindowFromPoint
GetWindowTextLengthA
SystemParametersInfoW

gdi32

SetViewportExtEx
ScaleViewportExtEx
SetWindowExtEx
DPtoLP
CreateDCA
GetObjectA
CreatePen
DeleteObject
DeleteDC
BitBlt
OffsetViewportOrgEx

version

GetFileVersionInfoA
VerQueryValueA

Sections

.text
Size: 56KB - Virtual size: 55KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 84KB - Virtual size: 162KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

fb15b372b4a004ecca79fb606a315b13

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

gdi32

version

Sections

.text Size: 56KB - Virtual size: 55KB

.data Size: 84KB - Virtual size: 162KB

.rsrc Size: 4KB - Virtual size: 3KB

.reloc Size: 4KB - Virtual size: 1KB

.text
Size: 56KB - Virtual size: 55KB

.data
Size: 84KB - Virtual size: 162KB

.rsrc
Size: 4KB - Virtual size: 3KB

.reloc
Size: 4KB - Virtual size: 1KB