40e7bf2fea6ef4c215f06496fb5c7aa4_JaffaCakes118

General

Target

40e7bf2fea6ef4c215f06496fb5c7aa4_JaffaCakes118
Size

27KB
MD5

40e7bf2fea6ef4c215f06496fb5c7aa4
SHA1

d1ecc18dc0cc89ffe37dc7ac8c220b39b2810b16
SHA256

91a01dcc78205843ced17e96d65673e0311724af1e83a5031187df339fbdec3b
SHA512

d5fe038ba0fc07baee10c464b82b38c9932bb5b20bfdb279822c47d9de7cce1018d9facf3ddbc4b343564ccfe467ef2f68d07cfed08e508ce039df9230df98a8
SSDEEP

384:xzc+K9cWtqt73CJLShGwqGtasQUWob0rGarkJK:pNCURosZWobyG6/

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
40e7bf2fea6ef4c215f06496fb5c7aa4_JaffaCakes118

Files

40e7bf2fea6ef4c215f06496fb5c7aa4_JaffaCakes118
.exe windows:4 windows x86 arch:x86

c7c6f4d137445efb134bf2d58fe81055

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

WritePrivateProfileStringA
GetPrivateProfileStringA
CloseHandle
WaitForSingleObject
GetWindowsDirectoryA
CopyFileA
GetSystemDirectoryA
GetModuleFileNameA
GetVersionExA
GetCurrentProcess
CreateEventA
CreateProcessA
GetCommandLineA
FreeEnvironmentStringsW
ExitProcess
SetStdHandle
SetFilePointer
FlushFileBuffers
GetLastError
LoadLibraryA
GetProcAddress
VirtualAlloc
HeapFree
HeapAlloc
WriteFile
VirtualFree
HeapCreate
HeapDestroy
CreateDirectoryA
GetVersion
GetStartupInfoA
TerminateProcess
RtlUnwind
UnhandledExceptionFilter
FreeEnvironmentStringsA
GetEnvironmentStrings
GetACP
GetEnvironmentStringsW
WideCharToMultiByte
GetCPInfo
GetOEMCP
SetHandleCount
GetFileType
GetStdHandle

user32

wsprintfW

advapi32

GetTokenInformation
LookupAccountSidW
OpenProcessToken

ntdll

ZwCreateSymbolicLinkObject
strrchr
strncpy
tolower
sprintf
_chkstk
wcscat
RtlInitUnicodeString
ZwOpenSymbolicLinkObject
ZwQuerySymbolicLinkObject
ZwClose
wcscpy
_strnicmp

Sections

.text
Size: 16KB - Virtual size: 15KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1024B - Virtual size: 943B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 5KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

c7c6f4d137445efb134bf2d58fe81055

Headers

File Characteristics

Imports

kernel32

user32

advapi32

ntdll

Sections

.text Size: 16KB - Virtual size: 15KB

.rdata Size: 1024B - Virtual size: 943B

.data Size: 5KB - Virtual size: 9KB

.idata Size: 2KB - Virtual size: 1KB

.reloc Size: 1KB - Virtual size: 1KB

.text
Size: 16KB - Virtual size: 15KB

.rdata
Size: 1024B - Virtual size: 943B

.data
Size: 5KB - Virtual size: 9KB

.idata
Size: 2KB - Virtual size: 1KB

.reloc
Size: 1KB - Virtual size: 1KB