26e9b7b495e302fbc6cd160be32602b5_JaffaCakes118

General

Target

26e9b7b495e302fbc6cd160be32602b5_JaffaCakes118
Size

1023KB
MD5

26e9b7b495e302fbc6cd160be32602b5
SHA1

50dd250f3b5534b566c427a81a2691202d78f460
SHA256

b4ed50833256dd30497430ab7ae859e3902e72a3dc202dff6168f941666af334
SHA512

5e8b0d5e4fc700a2c35266479c84eef8d571145d8a72e4729e9e5f531817ea65f00f6b11fd920186aa58d3d8a16e81778d360c501add1e8f1a83ff8ac99d191b
SSDEEP

24576:HzVgWpNmcXJR4rfJcuCcMZn2Gl0XOkA/KuoNgklMwDG:HzVjmcZR4rfJcu6Zn2Gl0XOkwKTNx9i

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
26e9b7b495e302fbc6cd160be32602b5_JaffaCakes118

Files

26e9b7b495e302fbc6cd160be32602b5_JaffaCakes118
.exe windows:6 windows x64 arch:x64

f2fafb66b08b2ce9140729982836d9e8

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

Elevated_MpMiniSigStub.pdb

Imports

kernel32

GetLastError
CloseHandle
QueryPerformanceCounter
GetTickCount
GetCurrentThreadId
GetCurrentProcessId
GetSystemTimeAsFileTime
GetExitCodeProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
GetSystemDirectoryW
WaitForSingleObject
ExitProcess
CreateProcessW
GetCommandLineW
TerminateProcess
HeapSetInformation
EnumResourceNamesW
FindResourceW
LoadResource
HeapAlloc
HeapFree
CreateDirectoryW
GetProcessHeap
WriteFile
SizeofResource
CreateFileW
GetCurrentDirectoryW
LockResource
SetCurrentDirectoryW
DeleteFileW
SetFileAttributesW

advapi32

RegOpenKeyExW
RegSetValueExW
RegCloseKey
RegQueryValueExW
RegCreateKeyExW

ntdll

memset
DbgPrint
memcpy

Sections

.text
Size: 6KB - Virtual size: 5KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 512B - Virtual size: 300B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1.9MB - Virtual size: 1.9MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 60B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

f2fafb66b08b2ce9140729982836d9e8

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

advapi32

ntdll

Sections

.text Size: 6KB - Virtual size: 5KB

.data Size: 512B - Virtual size: 1KB

.pdata Size: 512B - Virtual size: 300B

.rsrc Size: 1.9MB - Virtual size: 1.9MB

.reloc Size: 512B - Virtual size: 60B

.text
Size: 6KB - Virtual size: 5KB

.data
Size: 512B - Virtual size: 1KB

.pdata
Size: 512B - Virtual size: 300B

.rsrc
Size: 1.9MB - Virtual size: 1.9MB

.reloc
Size: 512B - Virtual size: 60B