36ffb1e577efadbeabd83fb2eec81fbc_JaffaCakes118

General

Target

36ffb1e577efadbeabd83fb2eec81fbc_JaffaCakes118
Size

38KB
MD5

36ffb1e577efadbeabd83fb2eec81fbc
SHA1

5c2c385563b8e0b6d3cd3672944cb19fb90b5ae1
SHA256

2737754e2a0dacf8fe18d1e1d76c40240e76fb71b05a535fe8eb5cad2e64b171
SHA512

a2973cd1879ea69f27a1f77d8026df7e14a55c9651a26fed094d919ea80a3db2d86a04276e3e45afdff44fa7ac423bc0bf05e957b27b4de242e39ec0b5dff991
SSDEEP

768:hmOCH4aeB5AL0g6MQg2FiCzHinn+WpzaK4ZPy8zhidfLNnZD:h8H4n500Rq8PsztSTMVLNZD

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
36ffb1e577efadbeabd83fb2eec81fbc_JaffaCakes118

Files

36ffb1e577efadbeabd83fb2eec81fbc_JaffaCakes118
.exe regsvr32 windows:4 windows x86 arch:x86

3c494fa0bfa59647100b5f733889b56c

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetLastError
CreateMutexA
CloseHandle
CreateFileA
GetTickCount
Sleep
CreateEventA
ExitProcess
ReadFile
SetFilePointer
DeviceIoControl
WriteFile
VirtualFree
VirtualAlloc
InterlockedExchange
WaitForSingleObject
OpenEventA
WinExec
GetModuleFileNameA
MoveFileExA
DeleteFileA
GetFileAttributesA
FindClose
FindNextFileA
FindFirstFileA
ExpandEnvironmentStringsA
lstrlenA
VirtualQuery
GetSystemInfo
VirtualProtect
GetCommandLineA
GetVersionExA
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetProcAddress
GetModuleHandleA
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
InterlockedIncrement
SetLastError
InterlockedDecrement
GetCurrentThreadId
HeapFree
HeapAlloc
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
DeleteCriticalSection
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStringsW
HeapDestroy
HeapCreate
QueryPerformanceCounter
GetCurrentProcessId
GetSystemTimeAsFileTime
LeaveCriticalSection
EnterCriticalSection
OutputDebugStringA
LoadLibraryA
InitializeCriticalSection
GetModuleHandleW
GetCPInfo
GetACP
GetOEMCP
HeapReAlloc
RtlUnwind
GetLocaleInfoA
GetStringTypeA
MultiByteToWideChar
GetStringTypeW
LCMapStringA
LCMapStringW

user32

ExitWindowsEx
wsprintfA

ntdll

memset
memcpy

Exports

Exports

DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 35KB - Virtual size: 34KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 291KB - Virtual size: 293KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

3c494fa0bfa59647100b5f733889b56c

Headers

File Characteristics

Imports

kernel32

user32

ntdll

Exports

Exports

Sections

.text Size: 35KB - Virtual size: 34KB

.data Size: 291KB - Virtual size: 293KB

.reloc Size: 4KB - Virtual size: 3KB

.text
Size: 35KB - Virtual size: 34KB

.data
Size: 291KB - Virtual size: 293KB

.reloc
Size: 4KB - Virtual size: 3KB