2a7beb6248a60ec9a05627bdde177528_JaffaCakes118

General

Target

2a7beb6248a60ec9a05627bdde177528_JaffaCakes118
Size

410KB
MD5

2a7beb6248a60ec9a05627bdde177528
SHA1

57bbb32d39758a1f59cf284a4f029161f07a8e1a
SHA256

0633683844506e856f51386ce3e2d79c5b9d29e38c82bbff3bc07b2fe273fb09
SHA512

e4effd4caddc13c7f3539d508285ccbfc4fb16a7da30105f80b01962eb7a205ccd37172acce84c64e2083ead865dc8b80ffbd37022223adfdfaffdcadc676e1f
SSDEEP

6144:lQ5oz9Vh9aJRZuOz4qbe/uh+BfqSKTHCyZG5JLyYbNdelN6TLmZLkBoov4Eto9iu:lyo983z4qbee5SKTitCYbXUNeLMJea9

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2a7beb6248a60ec9a05627bdde177528_JaffaCakes118

Files

2a7beb6248a60ec9a05627bdde177528_JaffaCakes118
.exe windows:4 windows x86 arch:x86

cdf9efe2077654c8e7cc6533ef9bbe90

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetEnvironmentStrings
GetPrivateProfileIntW
GetUserDefaultLCID
CreateFileA
RtlUnwind
LCMapStringW
CreateMutexA
GetCurrentProcess
HeapCreate
VirtualAlloc
TlsSetValue
WideCharToMultiByte
HeapReAlloc
GetStdHandle
EnterCriticalSection
GetStartupInfoA
GetCPInfo
InterlockedExchange
GetModuleFileNameA
GetCurrentThread
LCMapStringA
ExitProcess
GetFileType
IsBadWritePtr
SetLastError
LoadLibraryA
GetTickCount
GetSystemTimeAsFileTime
HeapDestroy
GetACP
TlsGetValue
QueryPerformanceCounter
LeaveCriticalSection
UnhandledExceptionFilter
SetConsoleMode
VirtualQuery
GetCurrentThreadId
FreeEnvironmentStringsW
HeapAlloc
GetStringTypeW
HeapFree
GetDiskFreeSpaceExA
TerminateProcess
GetCurrentProcessId
ExitThread
MultiByteToWideChar
InitializeCriticalSection
WriteProfileStringW
TlsFree
FreeEnvironmentStringsA
GetLastError
SetHandleCount
GetCommandLineA
VirtualFree
WriteFile
GetDateFormatW
GetSystemDirectoryA
GetModuleHandleA
LocalFlags
GetEnvironmentStringsW
ReadFile
GlobalFindAtomA
GetVersion
SetComputerNameA
FoldStringW
DeleteCriticalSection
TlsAlloc
GetProcAddress
GetOEMCP
GetStringTypeA

advapi32

CryptGenKey
RegNotifyChangeKeyValue
CryptEnumProviderTypesA
CryptSetHashParam
CryptDecrypt
CryptGetDefaultProviderW
RegEnumKeyExW
LookupPrivilegeValueA
LookupPrivilegeNameA
RegEnumKeyExA
RegSetValueA
CryptDestroyHash
CryptDeriveKey
RegSetValueW
RegQueryValueA
CryptGenRandom
CryptGetUserKey
RegReplaceKeyW

user32

WINNLSGetIMEHotkey
SetClipboardViewer
DrawTextA

Sections

.text
Size: 95KB - Virtual size: 94KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 302KB - Virtual size: 319KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 12KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

cdf9efe2077654c8e7cc6533ef9bbe90

Headers

File Characteristics

Imports

kernel32

advapi32

user32

Sections

.text Size: 95KB - Virtual size: 94KB

.data Size: 302KB - Virtual size: 319KB

.rsrc Size: 12KB - Virtual size: 11KB

.text
Size: 95KB - Virtual size: 94KB

.data
Size: 302KB - Virtual size: 319KB

.rsrc
Size: 12KB - Virtual size: 11KB