43f775d490e0d4a7fbaf224aa56bdb65_JaffaCakes118

General

Target

43f775d490e0d4a7fbaf224aa56bdb65_JaffaCakes118
Size

151KB
MD5

43f775d490e0d4a7fbaf224aa56bdb65
SHA1

85fb3864795e239ebb3125ea48c772bd6489d434
SHA256

09a67ca56bedc524419d4ece26cda756a37b9fa471e87ec7d5fa2473210ed482
SHA512

cf456810b625e0553c12628d7b523492d63a4d0c4d21f702499edb02437147d4530abcf7c13fa1712388884b6cccedf6f730a99536c2e3bdbede0138be1962bb
SSDEEP

3072:BFiq7CCIFjIReXl5qF59JtLbiJv7jVocBN:yKCF5N+FrJtC7ycBN

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
43f775d490e0d4a7fbaf224aa56bdb65_JaffaCakes118

Files

43f775d490e0d4a7fbaf224aa56bdb65_JaffaCakes118
.exe windows:4 windows x86 arch:x86

6fe8c5408e7640e4014cf3df86c22147

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

oleaut32

SafeArrayGetUBound
SysFreeString
GetActiveObject
SafeArrayCreate
SysAllocStringByteLen
VariantClear

msvcrt

_atoi64
_acmdln
_exit
_c_exit
_chdir
_beep
__set_app_type
_cabs
exit
_adjust_fdiv
_except_handler3
__p__fmode
_XcptFilter
__p__commode
_access
_atoldbl
_initterm
__getmainargs
__setusermatherr
_controlfp
_assert

advapi32

RegOpenKeyExW
WmiReceiveNotificationsA
RegOpenKeyExA
RegQueryValueExW
RegQueryValueExA
WmiSetSingleItemW
RegCloseKey

kernel32

GetCurrentProcess
SetErrorMode
GetModuleHandleA
TerminateProcess
GetCurrentThreadId
GetCurrentProcessId
GetStartupInfoA
GetTickCount
VirtualAlloc

Sections

.textbss
Size: - Virtual size: 108KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.text
Size: 12KB - Virtual size: 12KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 96KB - Virtual size: 95KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 40KB - Virtual size: 39KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

6fe8c5408e7640e4014cf3df86c22147

Headers

DLL Characteristics

File Characteristics

Imports

oleaut32

msvcrt

advapi32

kernel32

Sections

.textbss Size: - Virtual size: 108KB

.text Size: 12KB - Virtual size: 12KB

.rdata Size: 1KB - Virtual size: 1KB

.data Size: 96KB - Virtual size: 95KB

.rsrc Size: 40KB - Virtual size: 39KB

.textbss
Size: - Virtual size: 108KB

.text
Size: 12KB - Virtual size: 12KB

.rdata
Size: 1KB - Virtual size: 1KB

.data
Size: 96KB - Virtual size: 95KB

.rsrc
Size: 40KB - Virtual size: 39KB