37ae49a64a538d20ece4eab6d0afb887_JaffaCakes118

General

Target

37ae49a64a538d20ece4eab6d0afb887_JaffaCakes118
Size

436KB
MD5

37ae49a64a538d20ece4eab6d0afb887
SHA1

903d216e6f5b88e97157de848f96d4cf55ccb717
SHA256

e711e4c714c694239bd0167f0e8193c47536c43c1adb36702f742582b3c4e639
SHA512

5a7057bdaa51489f1321060fe5a1ff99ce3cf539d1cfe91b66c9b458308bdffad55d6ffd6be197955769a6d98f111967019d6eef4e8c25e3a26601acedb01fac
SSDEEP

6144:woJx8Ibbm8CXq7vchWaAyl/h3VnMDQOdTSBxVsQE0wpEVrDOdl0VswgQ:woJyImjavC/B/TbwTSBvu0wpm2wSy

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
37ae49a64a538d20ece4eab6d0afb887_JaffaCakes118

Files

37ae49a64a538d20ece4eab6d0afb887_JaffaCakes118
.exe windows:4 windows x86 arch:x86

d8446b1ae35bd139693200823ca600bc

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

HeapDestroy
IsValidLocale
LCMapStringW
TlsSetValue
GetProcAddress
LeaveCriticalSection
HeapReAlloc
VirtualFree
GetCommandLineW
GetVersionExA
GetCurrentProcessId
WriteFile
FreeEnvironmentStringsA
GetProcessHeap
Sleep
GetModuleHandleA
MultiByteToWideChar
FillConsoleOutputCharacterA
CompareStringA
SetUnhandledExceptionFilter
GetStdHandle
InterlockedIncrement
GetDateFormatA
InterlockedDecrement
SetEnvironmentVariableA
EnumSystemLocalesA
GetTimeZoneInformation
DeleteCriticalSection
InterlockedExchangeAdd
ExitProcess
GetTickCount
CompareStringW
WideCharToMultiByte
HeapFree
GetLastError
GetModuleFileNameA
HeapSize
LoadLibraryA
QueryPerformanceCounter
GetFileType
VirtualAlloc
GetOEMCP
GetCurrentThread
VirtualQuery
GetCurrentProcess
TerminateProcess
GetCurrentThreadId
RtlUnwind
GetLocaleInfoA
GetStartupInfoA
GetStringTypeW
TlsAlloc
FindFirstFileExA
LCMapStringA
GetEnvironmentStrings
GetSystemTimeAsFileTime
GetLocaleInfoW
GetACP
GetLongPathNameA
GetModuleFileNameW
GetStartupInfoW
FreeLibrary
TlsGetValue
SetHandleCount
InitializeCriticalSection
FreeEnvironmentStringsW
GetStringTypeA
TlsFree
EnterCriticalSection
IsValidCodePage
UnhandledExceptionFilter
GetTimeFormatA
RtlMoveMemory
InterlockedExchange
HeapCreate
GetUserDefaultLCID
GetEnvironmentStringsW
SetLastError
GetCommandLineA
GetCPInfo
SetConsoleCtrlHandler
IsDebuggerPresent
HeapAlloc

advapi32

RegSaveKeyA
DuplicateTokenEx
RegEnumKeyA
CryptHashData
RegSaveKeyW
RegConnectRegistryW
LogonUserA
ReportEventW
CryptDeriveKey
CryptGetDefaultProviderW

Sections

.text
Size: 151KB - Virtual size: 150KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 277KB - Virtual size: 295KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 7KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

d8446b1ae35bd139693200823ca600bc

Headers

File Characteristics

Imports

kernel32

advapi32

Sections

.text Size: 151KB - Virtual size: 150KB

.data Size: 277KB - Virtual size: 295KB

.rsrc Size: 7KB - Virtual size: 6KB

.text
Size: 151KB - Virtual size: 150KB

.data
Size: 277KB - Virtual size: 295KB

.rsrc
Size: 7KB - Virtual size: 6KB