2dd9f65e3f799cf0c98d797bbe13bbaf_JaffaCakes118

General

Target

2dd9f65e3f799cf0c98d797bbe13bbaf_JaffaCakes118
Size

167KB
MD5

2dd9f65e3f799cf0c98d797bbe13bbaf
SHA1

7f4b5c5b1cefa99b40d48442d6af65189cb8192e
SHA256

ab14489cde6b8939b5d6a7499a1db8157a3018b21b0f16282e4bfa8a242092ac
SHA512

2429678e8a6b3341fd6fb9fa6c3c4d8cce0412e1629dadc8cf1bc0b21551d42e54dc03f8d777a3bd53604335d79fb580630a3c79a0ac2141de7de8d85de5defd
SSDEEP

3072:A6c66Jl7z0WM8FGy6JhUsuTqkx/QrTH0yzA5ZMY7QoUi1jSAY:A6VClEhwGNoqkx/WjPzKZMYUQjv

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2dd9f65e3f799cf0c98d797bbe13bbaf_JaffaCakes118

Files

2dd9f65e3f799cf0c98d797bbe13bbaf_JaffaCakes118
.exe windows:5 windows x86 arch:x86

ade1c2dd11ec4f98a8507b679ac8410a

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

setup.pdb

Imports

user32

MessageBoxW
SendMessageW
IsWindow

kernel32

GetCommandLineW
GetCurrentProcess
GetCurrentProcessId
GetCurrentThreadId
GetFullPathNameW
GetModuleHandleA
FindNextFileW
InterlockedExchange
SetUnhandledExceptionFilter
Sleep
TerminateProcess
UnhandledExceptionFilter
VirtualAlloc
VirtualFree
VirtualProtect
lstrlenW
FindFirstFileW
ExitProcess
GetProcAddress

advapi32

RegCloseKey
RegOpenKeyExW
RegQueryValueExW

gdi32

PolyDraw
ArcTo

shell32

SHGetSpecialFolderLocation
SHCreateDirectoryExW
CommandLineToArgvW

msvcrt

_XcptFilter
__getmainargs
__p__commode
__p__fmode
__set_app_type
__setusermatherr
_amsg_exit
_cexit
_controlfp
_exit
_initterm
_ismbblead
_wcsdup
_wcslwr
exit
free
memset
printf
wcsstr
wprintf

Exports

Exports

APCMOpen
ARawDecodeDone
AllocBuffers
GetDllMajorVersion
HrGetMsgParam
IsValidFileIfFileUrlW
WriteSpan

Sections

.text
Size: 52KB - Virtual size: 52KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 95KB - Virtual size: 94KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 17KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

ade1c2dd11ec4f98a8507b679ac8410a

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

user32

kernel32

advapi32

gdi32

shell32

msvcrt

Exports

Exports

Sections

.text Size: 52KB - Virtual size: 52KB

.rdata Size: 95KB - Virtual size: 94KB

.data Size: 17KB - Virtual size: 17KB

.rsrc Size: 1KB - Virtual size: 1KB

.text
Size: 52KB - Virtual size: 52KB

.rdata
Size: 95KB - Virtual size: 94KB

.data
Size: 17KB - Virtual size: 17KB

.rsrc
Size: 1KB - Virtual size: 1KB