43011957d54b1b0feb10c0b7c1c9a6b3_JaffaCakes118

General

Target

43011957d54b1b0feb10c0b7c1c9a6b3_JaffaCakes118
Size

483KB
MD5

43011957d54b1b0feb10c0b7c1c9a6b3
SHA1

e47bf6842754e3e848464d8ee472613157600517
SHA256

11d727e56004e56cf88070b5987fe65d7503b05a6c61a45493333a495aff6520
SHA512

f2ba12623f9b5261d87783abd1591ccd459016a0010013d1354cd9a9103f52087d44b92921ad04ddbfdbc40ae6da048ee957a001495fc964ddaafd5c63fa58e6
SSDEEP

12288:2osMyV+g0yvpUMpb04ESK8rozDhu3OQaK28eZfWPn/37W/+rcL7I8:3evC2vro3hu3+KL5LW/Ok

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
43011957d54b1b0feb10c0b7c1c9a6b3_JaffaCakes118

Files

43011957d54b1b0feb10c0b7c1c9a6b3_JaffaCakes118
.exe windows:4 windows x86 arch:x86

bb4ae100a5ebdc23dad0b8a6a274234b

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

HeapDestroy
LCMapStringW
MultiByteToWideChar
WriteFile
GetProcAddress
SetEnvironmentVariableA
HeapReAlloc
SetLastError
GetACP
GetVersionExA
GetCurrentProcessId
HeapAlloc
CompareStringW
GetOEMCP
UnhandledExceptionFilter
GetModuleHandleA
SetHandleCount
GetFullPathNameA
GetEnvironmentStrings
TlsSetValue
GetStringTypeA
IsValidCodePage
GetCommandLineA
IsBadWritePtr
TlsAlloc
CompareStringA
GetTimeZoneInformation
DosDateTimeToFileTime
WaitNamedPipeA
ExitProcess
GetTickCount
WaitCommEvent
IsValidLocale
HeapFree
GetFileType
GetModuleFileNameA
HeapSize
LoadLibraryA
QueryPerformanceCounter
GetEnvironmentStringsW
VirtualAlloc
WritePrivateProfileSectionW
GetCPInfo
VirtualQuery
GetCurrentProcess
TerminateProcess
GetCurrentThreadId
RtlUnwind
GetLastError
GetStartupInfoA
GetSystemInfo
VirtualFree
SetFileAttributesW
LeaveCriticalSection
GetCurrentThread
GetSystemTimeAsFileTime
GetLocaleInfoA
EnumSystemLocalesA
GetThreadContext
GetLocaleInfoW
GetStdHandle
EnterCriticalSection
WideCharToMultiByte
TlsFree
InitializeCriticalSection
DeleteCriticalSection
GetStringTypeW
VirtualProtect
EnumSystemCodePagesW
LCMapStringA
FreeEnvironmentStringsA
GetTimeFormatA
SystemTimeToFileTime
InterlockedExchange
HeapCreate
GetUserDefaultLCID
GetDateFormatA
TlsGetValue
FreeEnvironmentStringsW

advapi32

RegFlushKey
RegEnumKeyExA
RegCloseKey
CryptSetProvParam
CryptDestroyKey
RegDeleteKeyW
CryptExportKey
RegSetValueW
RevertToSelf
CryptEnumProviderTypesW
RegDeleteValueW
CryptDuplicateHash
CryptSetProviderExA
RegLoadKeyA
CryptHashSessionKey
CryptDestroyHash

Sections

.text
Size: 166KB - Virtual size: 165KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 312KB - Virtual size: 312KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

bb4ae100a5ebdc23dad0b8a6a274234b

Headers

File Characteristics

Imports

kernel32

advapi32

Sections

.text Size: 166KB - Virtual size: 165KB

.data Size: 312KB - Virtual size: 312KB

.rsrc Size: 3KB - Virtual size: 3KB

.text
Size: 166KB - Virtual size: 165KB

.data
Size: 312KB - Virtual size: 312KB

.rsrc
Size: 3KB - Virtual size: 3KB