4377a78952de77e2d8aa3c3ec336166c_JaffaCakes118

General

Target

4377a78952de77e2d8aa3c3ec336166c_JaffaCakes118
Size

403KB
MD5

4377a78952de77e2d8aa3c3ec336166c
SHA1

f2fa0279970180ada6d9f5abd080ea429c3aa1b6
SHA256

01cbb220114891a6f0523858e6a957829990b46631733170bbfdc5fff74e1416
SHA512

f3a26f4404ec82b83a734eb37975776df053f6c22f21e8e8ae681ffccb32d8627cbe748b141f8f9b6c280ef95dc016f6d43ab04ac133350be7dff1a3d67ab6cc
SSDEEP

12288:qIKY2/sJ3RWaAfZJ1HuS410k4/pR2ShKO:vKY2/63Hw1HuST/p

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
4377a78952de77e2d8aa3c3ec336166c_JaffaCakes118

Files

4377a78952de77e2d8aa3c3ec336166c_JaffaCakes118
.exe windows:4 windows x86 arch:x86

d2b710fff60709f525338228923e125d

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

TlsFree
TlsSetValue
HeapCreate
GetDiskFreeSpaceExA
GetProcAddress
GetCommandLineA
HeapReAlloc
IsBadWritePtr
DeleteCriticalSection
SetLastError
GetCurrentProcessId
HeapAlloc
GetProcessShutdownParameters
GetModuleFileNameW
TlsAlloc
GetModuleHandleA
HeapDestroy
TerminateThread
GetSystemTime
InterlockedExchange
GetStdHandle
VirtualFree
FreeEnvironmentStringsA
UnhandledExceptionFilter
CloseHandle
EnumDateFormatsExW
MultiByteToWideChar
GetThreadLocale
OpenMutexW
ExitProcess
GetTickCount
GetVersion
WriteFile
HeapFree
GetEnvironmentStrings
GetModuleFileNameA
TlsGetValue
LoadLibraryA
QueryPerformanceCounter
GetCurrentThread
VirtualAlloc
LeaveCriticalSection
EnterCriticalSection
VirtualQuery
GetCurrentProcess
TerminateProcess
GetCurrentThreadId
RtlUnwind
GetEnvironmentStringsW
GetStartupInfoA
InitializeCriticalSection
SetHandleCount
OpenWaitableTimerW
GetPrivateProfileSectionNamesA
FreeEnvironmentStringsW
GetSystemTimeAsFileTime
GetFileType
GetACP
GetCommandLineW
GetLastError
GetStartupInfoW
WideCharToMultiByte
SetEndOfFile

advapi32

CryptSignHashW
LookupAccountNameW
RegQueryMultipleValuesA
RegSaveKeyW
InitializeSecurityDescriptor
RegQueryInfoKeyW
RegQueryInfoKeyA
RegDeleteKeyA
RegOpenKeyExA
RegQueryValueA
RegLoadKeyW
GetUserNameW
RegQueryValueExA
RegQueryValueW
CryptCreateHash
RegLoadKeyA
CryptGenKey
CryptGetProvParam
CryptDuplicateKey
LookupPrivilegeValueA
RegDeleteValueW

Sections

.text
Size: 120KB - Virtual size: 119KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 266KB - Virtual size: 282KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 16KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

d2b710fff60709f525338228923e125d

Headers

File Characteristics

Imports

kernel32

advapi32

Sections

.text Size: 120KB - Virtual size: 119KB

.data Size: 266KB - Virtual size: 282KB

.rsrc Size: 16KB - Virtual size: 15KB

.text
Size: 120KB - Virtual size: 119KB

.data
Size: 266KB - Virtual size: 282KB

.rsrc
Size: 16KB - Virtual size: 15KB