5014a1d55631c7325a956a0fe0581170_JaffaCakes118

General

Target

5014a1d55631c7325a956a0fe0581170_JaffaCakes118
Size

340KB
MD5

5014a1d55631c7325a956a0fe0581170
SHA1

f10f437b6272b4431f701284c95471351d9aadc3
SHA256

b1d271908794f38e87d7cb53e1ae776807e18110024dc021312fcee498f143c2
SHA512

6a09476280249c65b33d66d9853c024c2cd773e39861161845b1d4f44a70f76ed3b9a77f917a88bd0030ad936910bb61f793d2d61e38e9291434b95caceb74f9
SSDEEP

6144:RxFKhPSLaINj+BGGHq8oPK+WhdfO8mAcaBtaA4PDd6ESqYWke:coGINj+BZqh5MO8mF0EpDdfSqYWk

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
5014a1d55631c7325a956a0fe0581170_JaffaCakes118

Files

5014a1d55631c7325a956a0fe0581170_JaffaCakes118
.exe windows:4 windows x86 arch:x86

12b45246b22b3365731a0f32b22db7a6

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

PDB Paths

simpledx.pdb

Imports

kernel32

ResetEvent
CreateEventW
GetFileAttributesExA
ReadConsoleW
SetCurrentDirectoryA
GetFullPathNameW
GetShortPathNameA
WriteProcessMemory
CopyFileA
CloseHandle
IsValidCodePage
FoldStringA
GetVersionExW
FindFirstVolumeA
GetModuleHandleA
GetProcessHeap
GetStringTypeA
WriteConsoleA
CreateDirectoryA
GetLocalTime
CreateSemaphoreW
GetLocaleInfoA
GetDiskFreeSpaceA
DeleteFileA
GetLastError
lstrcmpA
GetProcAddress
GetEnvironmentVariableW
GetCurrentDirectoryW
FindNextVolumeA
InterlockedDecrement

credssp

SpAcceptSecurityContext
SpVerifySignature
SpEncryptMessage
SpDecryptMessage

cmpbk32

PhoneBookLoad
PhoneBookCopyFilter
PhoneBookEnumNumbers
PhoneBookEnumCountries
PhoneBookFreeFilter

shell32

SHGetFileInfoA
DllUnregisterServer
DragFinish
SHGetDataFromIDListA
DragAcceptFiles
StrChrA
SHGetDiskFreeSpaceA
SHChangeNotify
SHGetDesktopFolder
ShellAboutA

wtsapi32

WTSQueryUserToken
WTSEnumerateServersA
WTSUnRegisterSessionNotification
WTSVirtualChannelPurgeInput
WTSRegisterSessionNotification
WTSVirtualChannelRead
WTSSendMessageA
WTSLogoffSession
WTSVirtualChannelOpen
WTSVirtualChannelClose

Sections

.text
Size: 32KB - Virtual size: 29KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 40KB - Virtual size: 37KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 256KB - Virtual size: 254KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

12b45246b22b3365731a0f32b22db7a6

Headers

File Characteristics

PDB Paths

Imports

kernel32

credssp

cmpbk32

shell32

wtsapi32

Sections

.text Size: 32KB - Virtual size: 29KB

.rdata Size: 40KB - Virtual size: 37KB

.data Size: 8KB - Virtual size: 4KB

.rsrc Size: 256KB - Virtual size: 254KB

.text
Size: 32KB - Virtual size: 29KB

.rdata
Size: 40KB - Virtual size: 37KB

.data
Size: 8KB - Virtual size: 4KB

.rsrc
Size: 256KB - Virtual size: 254KB