f47808edf47a6accfb475111b5c5bddc_JaffaCakes118

General

Target

f47808edf47a6accfb475111b5c5bddc_JaffaCakes118
Size

216KB
MD5

f47808edf47a6accfb475111b5c5bddc
SHA1

8aefb988f40dd4b0bb64fd11f6a2e9ef0b1e409b
SHA256

1cee52bca04fbbc8c112b8a54cf8a437afc09663ca8d4708126924a013c5e66e
SHA512

68199c56bd0d3d50beddf4e454f2ff0cc6d079593553a545a10542d9aca5426143a1babc3b1b3c8747560d87f42ca5e600372c5b6f176a7886ad3d1e859efa0e
SSDEEP

6144:0qDweAKjIDGo1b2QjEBDX31uqKkLoRfzRRMO:0qDwxKj+zhIL31uqFMRHM

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
f47808edf47a6accfb475111b5c5bddc_JaffaCakes118

Files

f47808edf47a6accfb475111b5c5bddc_JaffaCakes118
.exe windows:4 windows x86 arch:x86

f6b56a0791f47bc3cea8aee4483ebe5b

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_DEBUG_STRIPPED

Imports

kernel32

RaiseException
LoadLibraryW
CreateFiberEx
TlsAlloc
FreeLibrary
VirtualProtect
LoadLibraryA
InterlockedCompareExchange
CreateSemaphoreW
WaitForSingleObject
GetLocaleInfoW
ReleaseSemaphore
Sleep
GetStartupInfoA
TerminateThread
GetLastError
UnhandledExceptionFilter
TlsFree
GetProcAddress
TlsGetValue
CloseHandle
GetProcessHeap
EnumResourceNamesA
GetCurrentThreadId
TerminateProcess
IsDebuggerPresent
GetCommandLineW
FoldStringW
DeleteFileW
FlushFileBuffers
GetCurrentProcess
QueryPerformanceCounter
LocalAlloc
SetUnhandledExceptionFilter
GetTickCount
GetSystemTimeAsFileTime
GetCurrentProcessId
GetModuleHandleW
InterlockedExchange
GetModuleFileNameW

user32

IsIconic
IsZoomed
MapVirtualKeyW
GetSystemMetrics
ShowWindow
LoadImageW
LoadIconW
DestroyWindow
SetWindowPlacement
IsWindow
GetWindowPlacement
GetParent
UpdateWindow
SetWindowPos
RealGetWindowClass
SetForegroundWindow

setupapi

SetupDiGetDeviceRegistryPropertyW
CMP_WaitNoPendingInstallEvents
CM_Get_DevNode_Status

msimg32

AlphaBlend

Sections

.text
Size: 197KB - Virtual size: 196KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 15KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 92KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

f6b56a0791f47bc3cea8aee4483ebe5b

Headers

File Characteristics

Imports

kernel32

user32

setupapi

msimg32

Sections

.text Size: 197KB - Virtual size: 196KB

.rdata Size: 2KB - Virtual size: 1KB

.data Size: 15KB - Virtual size: 15KB

.tls Size: 512B - Virtual size: 92KB

.text
Size: 197KB - Virtual size: 196KB

.rdata
Size: 2KB - Virtual size: 1KB

.data
Size: 15KB - Virtual size: 15KB

.tls
Size: 512B - Virtual size: 92KB