de5653cf0d7b491fdb40b6637916ab13_JaffaCakes118

General

Target

de5653cf0d7b491fdb40b6637916ab13_JaffaCakes118
Size

181KB
MD5

de5653cf0d7b491fdb40b6637916ab13
SHA1

15bddbb336359eb0706a36e8d61c700efc068c63
SHA256

84021a22457ad93f251de3f4238e58b611f36099248f24cc4147a34e5a5e94eb
SHA512

0de104787347dfb21cdd87828aeccb99ee15e554234413967a1d93943f3ce6d2632cfdc62e1d5256db61b7dc1071a46de89256d1e295a8b61eb6416699db659a
SSDEEP

3072:KRU4MXPhi2IHax3QJvXWY8LkYqWv9rh2vFsanr/VUJkcmmyEYh0J4pj:oU4aM20vq4oj2tr/4YP0G

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
de5653cf0d7b491fdb40b6637916ab13_JaffaCakes118

Files

de5653cf0d7b491fdb40b6637916ab13_JaffaCakes118
.exe windows:4 windows x86 arch:x86

d365c5f1cde91a88d379752ce6274ff7

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED

Imports

rpcrt4

UuidCreate

user32

GetAncestor
MessageBoxW

shell32

SHCreateDirectoryExW
SHFileOperationW
SHGetFolderPathW

kernel32

SetEndOfFile
GetFullPathNameW
DeleteCriticalSection
LeaveCriticalSection
GetThreadPriority
HeapSize
LCMapStringW
GetModuleHandleA
GetConsoleOutputCP
SetStdHandle
CloseHandle
GlobalAlloc
TerminateProcess
GetCommandLineA
RtlUnwind
GetCurrentProcess
GetCurrentThreadId
Sleep
InterlockedDecrement
SetupComm
HeapFree
WideCharToMultiByte
GetCPInfo
GetUserDefaultLCID
InitializeCriticalSection
EnterCriticalSection
ReadFile
EnumResourceNamesA
RaiseException
GetVersionExA
SetUnhandledExceptionFilter
GetLastError
GetProcAddress
GetLocaleInfoW
MultiByteToWideChar
GetProcessHeap
UnhandledExceptionFilter
WriteFile
ExitProcess
HeapReAlloc
InterlockedIncrement
ExitProcess
IsDebuggerPresent
IsValidLocale
WriteConsoleA
EnumSystemLocalesA
LCMapStringA
IsValidCodePage
GetModuleFileNameW
HeapAlloc
GetCurrentDirectoryW
WriteConsoleW
CreateFileA
GetFullPathNameA

Sections

.text
Size: 152KB - Virtual size: 152KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 25KB - Virtual size: 25KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.crt
Size: 512B - Virtual size: 216KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

d365c5f1cde91a88d379752ce6274ff7

Headers

File Characteristics

Imports

rpcrt4

user32

shell32

kernel32

Sections

.text Size: 152KB - Virtual size: 152KB

.rdata Size: 2KB - Virtual size: 1KB

.data Size: 25KB - Virtual size: 25KB

.crt Size: 512B - Virtual size: 216KB

.text
Size: 152KB - Virtual size: 152KB

.rdata
Size: 2KB - Virtual size: 1KB

.data
Size: 25KB - Virtual size: 25KB

.crt
Size: 512B - Virtual size: 216KB